CIOs  Prepare  for  Sox  Compliance  Page  6 


Tips  for  Leading  Through  an  IT  Crisis  Page  62 


Allstate  CTO 
Catherine  Brune 

expanded  the 
flexible  portion  of 
her  IT  budget  from 
25%  in  2002  to 
50%  today, 
allowing  her  to 
invest  in  new 
technologies. 


THE  RESOURCE  FOR  INFORMATION  EXECUTIVES 


A  NEW  WAY  TO 
MANAGE  VENDOR! 

Build  a  vendor  management 
office  that  works 

Page  56 


INVITATION 
TO  STEAL 

Automation  can  save  millions 
but  not  when  it  enables  fraud 

Page  48 


Lower  costs  and  money  for  innovation 
Budget  flexibility  is  the  key. 

The  first  in  our  CIO  Leadership  Agenda  series.  Page 38 


BY  SUSANNAH  PATTON 


It’s  big,  it’s  bold,  it’s  Xerox  color.  Put  it  to  work  in 

39%  more  memorable.  Pretty  impressive. 


Success  is  in  the  details.  Keeping  those  details  fresh  in 
everyone’s  mind  is  what  Xerox  color  is  all  about.  Use  color 
smartly  and  it  communicates  facts,  underscores  salient 


points,  and  adds  “aha’s”  to  your  work.  That’s  why  our 
wide  selection  of  desktop  color  printers,  multi  function 
systems,  and  digital  presses  has  something  more.  Xerox 


Xerox  color  printers 
multi-function  systems 
&  digital  presses 


xerox.com/color  1-800-ASK-XEROX  ext.  COLOR 


©  2005  XEROX  CORPORATION.  All  rights  reserved.  XEROX®  and  Xerox  Color.  It  makes  business  sense  are  trademarks  of  XEROX  CORPORATION  in  the  United  States  and/or  other  countries. 


1 


your  business  and  it  can  make  your  sales  pitches 
Xerox  olor.  It  makes  business  sense. 

color  expertise.  It’s  the  know-how  that  combines  state-of- 
the-art  technology  with  real  economy,  to  help  you  boost 
productivity  and  business  performance.  Xerox  color  expertise 


is  already  making  business  sense  in  thousands  of  companies, 
leaving  lasting  impressions  that  make  an  impact  on  the 
bottom  line.  It’s  the  juicy  stuff  any  business  would  like  to  see. 


XEROX 


Technology 


Document  Management 


Consulting  Services 


■ 


u)2004  Adobe  Systems  Incorporated.  All  riglwi  reserved.  Adobe,  the  Adobe  logo  and  better  by  \dobe  are  either  registerccitrademarks  or  trademarks 
of  Adobe  Systems  Incorporated  in  the  Unite  jl  State*  and  or  other  countries.  All  other  trademarks  are  the  property  of  the*  respective  owners. 


How  did  80%  of  information 
become  100%  useless? 

What  if  information  could  find  its  way  in  and  out  of 
databases,  all  on  its  very  own?  With  the  Adobe 
Intelligent  Document  Platform,  it's  possible.  When  you 
combine  the  logic  of  XML  and  Adobe  PDF,  suddenly 
documents  are  smarter.  Unstructured  content  unifies  with 
structured  data.  And  information  intuitively  travels  where 
it's  needed,  safely  and  securely.  It's  simplicity  at  work. 
The  Intelligent  Document  Platform.  Better  by  Adobe: 


Adobe 


See  how  smarter  documents  are  working  for  other  companies  at  adobe.com/idp. 


Adobe-  Intelligent  Document  Platform 


soiaris 


TEN  MOVES  AHEAD 


1.  LINUX  AND  SOLARIS™  OS 
APPLICATIONS  RUN  SIDE-BY-SIDE 

2.  CHOICE  OF  SYSTEMS  - 
SPARC®,  AMD  OPTERON™,  INTEL 

3.  RUNS  ON  OVER  250  SYSTEMS  FROM 
OTHER  MANUFACTURERS 

4.  APPLICATIONS  RUN  UP  TO  30  TIMES  FASTER 

5.  MILITARY-GRADE  SECURITY, 

VIRUS-FREE  FOR  THE  LAST  20  YEARS 

6.  GUARANTEED  COMPATIBILITY* 

GUARANTEED  INDEMNITY 

7.  UP  TO  80%  SYSTEM  UTILIZATION 
(NO  MAINFRAME  REQUIRED) 

8.  SYSTEMS  AND  DATA  FIX  THEMSELVES 

9.  REVOLUTIONARY  NEW  FAILSAFE  FILE 
SYSTEM  FOR  DATA  PROTECTION 

10.  SCALES  FROM  1-WAY  TO  100-WAY 


microsystems 

The  Network  is  the  Computer 


MOVE  AHEAD  TODAY  AT 
SUN.COM/SOLARIS10 


©  2004  SUN  MICROSYSTEMS.  INC.  ALL  RIGHTS  RESERVED.  SUN,  SUN  MICROSYSTEMS.  THE  SUN  LOGO,  SOLARIS  AND  THE  NETWORK  IS  THE  COMPUTER  ARE  TRADEMARKS  OR  REGISTERED  TRADEMARKS  OF  SUN  MICROSYSTEMS,  INC.  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES.  ALL  SPARC  TRADEMARKS 
ARE  USED  UNDER  LICENSE  AND  ARE  TRADEMARKS  OR  REGISTERED  TRADEMARKS  OF  SPARC  INTERNATIONAL,  INC  IN  THE  UNITED  STATES  AND  OTHER  COUNTRIES. 

*  SEE  SOLARIS  APPLICATION  GUARANTEE  PROGRAM  FOR  MORE  DETAILS. 


COVER  PHOTO  BY  JEFF  SCIORTINO 


I.T.:  HALF-FULL?  |  28 

Outsourcing  and  packaged  solutions  have 
hollowed  out  IT.  Yet  CIOs  still  have  the  oppor¬ 
tunity  to  create  competitive  advantage— by 
differentiating  customer-facing  processes. 

Column  by  Susan  Cramm 

Leadership 

GLASER  FACES  THE  MUSIC  |  62 

For  the  CIO  of  Partners  Healthcare,  fixing 
recurrent  slowdowns  and  outages  to  the 
electronic  medical  records  system  was  a  major 
test  of  leadership.  Feature  by  Ben  Worthen 

Security 

INVITATION  TO  STEAL  |  48 

The  more  you  automate  your  critical  business 
processes,  the  more  vigilant  you  need  to  be 
about  protecting  against  fraud. 

Feature  by  Allan  Holmes  more  » 

www.cio.com  |  FEBRUARY  1,  2005  5 


The  flexibility  Allstate  CTO 
CATHERINE  BRUNE  built 
into  her  IT  budget  helped  the 
insurer  respond  quickly  last 
summer  when  hurricanes 
trashed  Florida. 

Budgeting 

COVER  STORY  |  FLEXTIME  |  38 

Your  biggest  challenge  in  2005  is  to  grow  while 
shrinking.  It’s  not  impossible. 

Part  of  the  CIO  Leadership  Agenda  series 

Feature  by  Susannah  Patton 

BOLD  IS  BEAUTIFUL  |  72 

Forget  about  tactics.  If  you  want  to  be  the  most  effective  CIO, 
it’s  time  to  put  your  fears  aside  and  get  aggressive. 

Column  by  Gary  Beach 


Staffing 

CIO,  HOW  DOES  YOUR  GARDEN  GROW?  |  32 

CIOs  who  have  been  asked  to  do  more  with  less  have  been  asking 
their  staffs  to  do  a  lot  more.  They  came  through  for  you;  now  what 
are  you  going  to  do  for  them? 

Column  by  Megan  Santosus 

Vendor  Management 

ANEW  WAY  TO  MANAGE  VENDORS  |  56 

CIOs  grappling  with  an  increasingly  complex  marketplace  are 
finding  relief— and  better  relationships  with  vendors— by  forming 
VMOs  within  their  organizations.  Here’s  how. 

Feature  by  Susannah  Patton 

HOW  TO  START  YOUR  OWN  VMO  |  CIO.COM 

Ask  Aflac  CIO  Jim  Lester  how  he  built  a  vendor  management  office 
that  gets  the  best  deals  in  town.  Go  to  Ask  the  Source. 

www.cio.com/ask 


DEPARTMENTS 


Trendlines  I  19 

RFID  j  The  Drug  Industry  Self- Polices  with  RFIDs 

Staffing  IT  Hiring  Perks  Up 

Wireless  !  Wi-Fi  Hits  Interstate  Rest  Stops 

Entertainment  The  New  Pocket-Sized  Theme  Park 

Leadership  |  Top  10  Information  Management 
Concerns 

CIOs  on  the  Move  PepsiCo  Launches  Another 
CIO’s  Career 

Online  Communities  The  Little  List  That  Could 

Online  Shopping  |  What  Searching  Says  About 
Buying 


Forum  |  69 

On  Sox  The  CIO  Executive  Council  shares 
insights  on  Sarbanes-Oxley  compliance 

From  the  Editor  !  10 

New  Stuff  for  the  New  Year  !  Because  change  is  a 
constant.  By  Abbie  Lundberg 

Inbox  |  16 
Index  |  74 

Executive  Summary  |  76 

(a)lso  on  cio.com 

The  CIO  Leadership  Agenda  2005— A  new  site 
devoted  to  the  five  leadership  imperatives  for  IT 
execs  in  the  coming  year.  Go  to  agenda.cio.com. 

NEW  BLOGS 

»  Senior  Writer  Ben  Worthen  interprets  D.C. 
legislation  that  affects  you  in  Tech  Policy. 

»  Executive  Editor  Christopher  Koch  tackles  the 
thorny  business  of  IT  Strategy. 


»  CIO  News  Alerts  keep  you  updated  on  the  news 
that’s  most  important  to  you. 

Find  them  at  www.cio.com/blogs. 


6 


FEBRUARY  1,  2005  |  www.cio.com 


BECAUSE  THE  FUTURE 
IS  MORE  EXCITING  THAN 

THE  PAST. 


It's  your  choice.  Job  Description  1:  Maintain  legacy  communications  systems  based  on  outmoded  analog  technologies.  Must  be 
fully  adept  at  "potchkying"  together  solutions  that  appear  to  do  new  things.  Facility  with  answering  the  question,  "Why  can't  I?" a 
plus.  Job  Description  2:  Take  a  company-wide  communications  strategy  into  the  future.  Implement  IP-based  videoconferencing, 
global  work  teams  and  business-resilience  strategies.  Answer  the  question,  "How'd  you  do  that?"  with  aplomb.  To  learn  more 
about  Cisco  IP  Communications  solutions  or  to  find  a  service  provider  that  offers  these  managed  services  over  a  Cisco  Powered 
Network,  visit  cisco.com/domore.  COMMUNICATION.  THE  NEW  FASHIONED  WAY.  CISCO  IP  COMMUNICATIONS. 


THIS  IS  THE  POWER  OF  THE  NETWORK.  IIOW. 


Cisco  Systems 


©2004  Cisco  Systems,  Inc.  All  rights  reserved. 


The  Business  Objects  logo  and  BusinessObjects  are  trademarks  of  Business  Objects  S.A.  All  other  names  referenced  herein  may  be  the  trademarks  of  their  respective  owners.  ©  2005  Business  Objects  S.A.  All  rights  reserved. 


BusinessObjects  XI  extreme  Insight  World  Tour  Amsterdam  •  Beijing  •  Birmingham  •  Brussels  •  Chicago  •  Dublin  •  Madrid  •  Melbourne 


Introducing  BusinessObjects  XI. 

extreme  Insight.  Trusted  Platform. 


The  antidote  to  useless  information.  You  know  the  problem.  Inaccurate,  confusing,  out-of-date 
information  you  can't  find,  trust,  or  understand.  Get  to  know  the  solution.  BusinessObjects™  XI,  the 
breakthrough  business  intelligence  (BI)  suite  from  Business  Objects.  It  delivers  extreme  insight  throughout 
your  organization,  providing  everyone  easy  access  to  timely,  accurate  information.  It  integrates  everything 
you  need  to  better  track,  understand,  and  manage  your  business.  Reporting,  query  and  analysis, 
dashboards  and  scorecards,  even  Microsoft  Office  applications.  All  on  the  world's  most  trusted,  proven 
BI  platform.  BusinessObjects  XI.  See  the  extreme  difference  it  will  make. 

Business  Objects 

To  learn  more  about  BusinessObjects  XI,  or  to  register  for  our  extreme  Insight  World  Tour,  visit  ^  www.businessobjects.com 


Milan  •  Munich  •  New  York  •  Paris  •  Rome  •  San  Francisco  •  Seoul  •  Shanghai  •  Singapore  •  Sydney  *  Stockholm  •  Washington  DC  •  Zurich 


FROM  THE  EDITOR 


New  Stuff 
for  the 
New  Year 

Because  change  is  a  constant 


!  ! 


In  the  past  five  years,  CIO  has  won  both  the  American  Business  Media’s  top  honor,  the 
Grand  Neal  Award,  and  the  ASBPE  Magazine  of  the  Year— not  once  but  twice  each.  However, 
one  thing  we’ve  learned  from  the  companies  we  write  about  is  that  any  business  that  rests  on 
its  laurels  eventually  falls  victim  to  complacency.  An  “aren’t  we  great,  let’s  just  keep  doing  what 
we’re  doing”  attitude  can  be  a  death  knell  for  even  the  most  successful  organizations. 

While  there’s  no  absolute  formula  for  success,  three  ingredients  are  key:  a  deep  under¬ 
standing  of  customer  needs,  great  talent  and  a  good  plan.  CIO  has  always  had  a  close  rela¬ 
tionship  with  CIOs,  and  we  have  the  best  writers,  editors  and  designers  in  the  business. 
You’ll  find  some  of  the  plan  outlined  below. 

We  redesigned  CIO  five  years  ago,  simultaneously  redefining  our  editorial  mission  to  be 
more  thought-provoking  and  challenging  at  a  time  when  CIOs  were  on  top  of  the  world.  We 
changed  our  page  size  and  binding,  which  allowed  for  enhanced  design  and  expanded  content. 

A  lot  has  changed  since  2000.  On  the  content  front,  CIOs  are  again  looking  for  valida¬ 
tion,  leadership  support  and  practical  help  in  the  face  of  new  and  greater  challenges.  So  we’ll 
keep  up  our  rigorous  business  reporting  and  sharp  writing,  but  we’ll  enhance  our  leader¬ 
ship  coverage  and  add  more  practical  guidance  and  support  for  beleaguered  CIOs. 

In  terms  of  publishing,  as  the  technology  industry  contracts,  so  does  the  number  of 
advertising  pages  available  to  run  in  magazines  like  CIO.  Confluent  with  that  trend  are  two 
others,  equally  relevant  to  our  business:  the  increasing  popularity  of  online  media,  and  the 
clear  awareness  on  the  part  of  CIOs  that  they  have  as  much  to  learn  from  their  peers  as  they 
do  from  other  industry  experts  (analysts,  consultants  and  researchers). 

So  here’s  how  we’re  responding  to  these  various  developments  to  serve  you  better: 

We’ve  renamed  and  redesigned  two  popular  columns:  In  Forum,  you’ll  find  ideas  and 
insights  from  the  CIO  Executive  Council.  It’s  more  focused,  more  active,  and  all  about 
CIOs  learning  from  the  experience  and  knowledge  of  their  peers.  And  we’ve  moved  Susan 
Cramm’s  popular  Executive  Coach  column  to  the  front  of  the  magazine  so  that  it’s  easier  to 
find.  Her  advice  is  spot  on  given  the  increasing  complexities  of  the  CIO  role. 

We’ve  tightened  the  magazine  and  freshened  its  look;  it’s  cleaner  and  more  up-to-date. 
We’ve  incorporated  a  few  new  fonts  into  our  display  type.  Most  of  the  changes  won’t  even 
be  noticed  on  a  conscious  level;  the  one  somewhat  radical  thing  we’ve  done  is  to  reorgan¬ 
ize  our  Table  of  Contents  around  topics  rather  than  the  order  they  appear  in  the  magazine. 

Finally,  we’re  combining  two  imperatives— the  call  for  more  focused  leadership  cover¬ 
age  and  the  demand  for  more  integrated  content  across  media— in  our  new  CIO  Leadership 
Agenda  Series,  which  debuts  in  this  issue  (see  Page  36)  and  which  will  find  expression  in 
print,  online,  in  webcasts  and  in  live  events. 

I’d  love  to  know  what  you  think  about  these  enhancements— what  you  like,  what  you 
don’t,  and  what  else  you  would  like  to  see. 


2004  GRAND  NEAL  WINNER 

For  the  second  year  in  a  row, 

CIO  magazine  has  won  the 
prestigious  Jesse  H.  Neal 
National  Business  Journalism 
Award  for  editorial  excellence. 


Abbie  Lundberg,  Editor  in  Chief 

lundberg(a)cio.com 


1  0 


FEBRUARY  1,  2005  |  www.cio.com 


PHOTO  BY  STEVEN  VOTE 


Advertisement 


& 


!&!!isiE£fciE=Ssl^ 
Nokia  One  Business  Server 


Network  Firewall  Appliance 


6820  Messaging  Device 


The  queen  was  in  her  counting  house,  counting  all  her 
company’s  savings.  More  specifically,  when  we  caught 
il  up  with  R.O.  Ida,  the  chief  financial  officer,  she  was 
tallying  last  month’s  savings,  the  result  of  a  total  mobility 
solution  the  Queen  of  Lean  has  begun  implementing. 


What’s  up  with  that  jar  full  of  old  rings  and  tarnished  coins 
on  your ... 

Shhhh!  2,997,  2,998,  2,999,  three  thousand  dollars!  Wow,  right  to 
the  bottom  line.  And  we  haven’t  even  reined  in  ail  the  runaway 
mobility  expenses  yet.  Oh,  the  jar....  It’s  stuff  I  found  with  my  metal 
detector. 

You’re  smiling,  which  is  odd  for  a  CFO;  are  you  actually 
enjoying  yourself? 

It  sure  beats  signing  expense  reports— they’re  what  I  like  to  call  a 
salesman’s  best  shot  at  creative  writing!  But  what  really  gives  me  a 
kick  is  saving  money,  and  that’s  what  we’re  doing  here  now  with  our 
new  total  mobile  strategy. 

A  strategy  for  all  mobile  services?  Why  not  let  individual 
departments  decide  what’s  best,  or  even  the  individuals 
themselves? 

That’s  what  got  us  into  a  big  mess  in  the  first  place.  Until  recently, 
we  had  five  different  mobile  service  providers.  We  had  hardware  from 
eight  different  vendors.  We  had  incompatible  mobile  email  solutions. 
It  was  hard  for  us  to  guarantee  security  with  such  a  rat’s  nest.  And 
man,  was  it  expensive.  Tell  you  the  truth,  we  had  a  really  hard  time  just 
tracking  the  expense.  To  people  like  me,  that’s  like  not  knowing  the  day 
of  the  week. 

So  what  did  you  do? 

I  was  complaining  about  this  to  a  friend  while  we  were  window 
shopping,  and  she  said,  “Call  Nokia.”  So  I  did.  It  wasn’t  just  a  business 
query— it  was  an  S.O.S.,  because  we  were  spending  a  third  of  our  IT 
budget  on  mobility.  After  routine  IT  maintenance,  we  were  left  with 


zippo  for  strategic  development.  It  was  like  throwing  good  money  into 
a  parking  meter— there  was  just  no  return. 

What  did  Nokia  do  for  you? 

For  starters,  they  helped  us  develop  a  total  mobile  connectivity 
solution,  with  uniform  high-speed  remote  access  to  give  our  road 
warriors  the  info  they  need  no  matter  where  they  are,  and  quickly.  They 
layered  in  just  the  right  amount  of  security,  including  a  secure  VPN.  And 
they  gave  our  administrators  real  easy-to-use  tools  to  assign  access 
privileges  based  on  user  identity.  This  was  our  foundation. 

Then  what? 

Slowly  but  surely,  we  developed  a  plan  with  Nokia  to  get  rid  of  a 
lot  of  the  incompatible,  clunky  mobile  hardware  and  replace  it  with 
intelligent  Nokia  devices.  They  are  built  to  work  seamlessly  together, 
which  means  fewer  calls  in  the  middle  of  the  night  from  far-flung 
corners  of  the  globe  to  our  help  desk.  And  less  help-desk  expense.  With 
their  guidance,  our  mobile  workers  get  just  what  they  need,  but  no 
more.  I  like  that.  Now  we  inventory  all  new  devices,  and  maintenance 
and  replacement  schedules  are  predictable.  I  really  like  that. 

Anything  else? 

You  bet.  Everyone  knows  the  killer  app  today  is  email.  It’s  the 
lifeblood  for  our  mobile  workers.  Nokia  worked  with  us  to  provide  a 
uniform,  simple,  and  highly  reliable  mobile  email  solution  that  has 
saved  us  big  bucks.  They  helped  us  fine-tune  the  solution  to  the 
different  devices  our  IT  guys  deploy,  because  some  road  warriors  like 
to  use  their  PDAs  for  mail,  others  like  their  laptops,  and  still  others 
prefer  their  smart  phones.  Me— I  just  love  the  dollar  savings  that  come 
from  a  single,  predictable,  and  reliable  mobile  email  solution. 

Sounds  like  Nokia  helped  you  find  a  key  to  the  efficiency 
kingdom. 

Yeah,  and  I  didn’t  have  to  use  my  metal  detector  to  find  it.  Now,  if 
you’ll  excuse  me,  it’s  lunch  time  and  I’d  like  to  balance  my  checkbook. 
By  the  way,  the  time’s  out  on  your  parking  meter. 


Interviewer  Bill  Laberis  was  editor-in-chief  of  Computerworld  for  ten  years  (1986-1996).  He  is  president  of  Bill  Laberis 
Associates,  a  custom  publishing  and  content  company  (www.laberis.com).  His  columns,  Webcasts,  supplements  and 
magazines  are  well-known  and  respected  throughout  the  high-tech  industry. 


Learn  how  to  mobilize  your  team  and  increase  business  productivity. 
Download  “The  Anytime,  Anyplace  World”  white  paper. 

nokiaforbusiness.com 


Produced  bi 

^HetworkWorld 

S#CUSToI^EDI^OU)TIONSn 


NOKIA 

Connecting  People 


WHAT  WE  COVER,  WHOM  TO  CONTACT 


THE  RESOURCE  FOR  INFORMATION  EXECUTIVES 


president  and  ceo  Walter  Manninen 
editorial  director  Lew  McCreary 
publisher  Gary  J.  Beach 

EDITORIAL 

editor  in  chief  Abbie  Lundberg 
editor  Richard  Pastore 
managing  editor  David  Rosenbaum 
managing  editor,  production  Cheryl  R.  Asselin 
executive  editors  Alison  Bass,  Christopher  Koch 
Washington  bureau  chief  Allan  Holmes 
leadership  and  management  editor 
Edward  Prewitt 

special  projects  editor  Mindy  Blodgett 
technology  editor  Christopher  Lindquist 

SENIOR  editors 

Scott  Berinato,  Alice  Dragoon, 

Megan  Santosus,  Elana  Varon 

SENIOR  WRITERS 

Meridith  Levinson,  Stephanie  Overby, 
Susannah  Patton,  Ben  Worthen 
staff  writer  Thomas  Wailgum 

CONTRIBUTORS 

Susan  Cramm,  Carrie  Mathews, 

Paul  Roberts,  Jeff  Vance 

DESIGN 

executive  director,  art  and  design  Mary  Lester 
art  director  Terri  Haas 

ASSOCIATE  ART  DIRECTORS 

Owen  Edwards,  Matthew  Goebel 
designers  Joanna  De  Fazio,  Jenna  Talbott 

associate  designer  Neva  Tachkova 
design  operations  specialist  Rachel  Barnett 
freelancer  Melanie  DeForest 

COPY  TEAM 

SENIOR  COPY  EDITORS 

Diann  Daniel,  Emily  S.  Henderson 
copyeditor  Cathy  Mallen 
assoc,  copy  editor  Daniel  John  Robinson 

EDITORIAL  ASSISTANTS 

Daniel  J.  Horgan. 

Margaret  Locher,  Al  Sacco 

RESEARCH  &  PROJECTS 

research  editor  Lorraine  Cosgrove  Ware 

editorial  resource  manager  Carol  Zarrow 
ASSOCIATE  RESEARCH  ANALYST  Julie  HanSOn 
special  projects  manager  Lynne  Z.  Rigolini 

ONLINE  EDITORIAL 

web  editorial  director  Art  Jahnke 

WEB  EXECUTIVE  EDITOR  AND  PRODUCER 

Janice  Brand 

web  editor  Sandy  Kendall 
WEB  WRITER  JOH  SurmaCZ 

C  X  O  MEDIA  INC. 

INTERNATIONAL  DATA  GROUP 

CEO  Pat  Kenealy 

board  chairman  Patrick  J.  McGovern 

BPA 

DOItONIIE' 

©CXO  Media  Inc. 


INDUSTRY 

Automotive 

Edward  Prewitt,  eprewitt@cio.com 

Financial  Services 

Elana  Varon,  evaron@cio.com 

Health  Care 

Alison  Bass,  abass@cio.com 

Manufacturing,  Business-to-Business 

Christopher  Koch,  ckoch@cio.com 

Manufacturing,  Business-to-Consumer 

Susannah  Patton,  spatton@cio.com 

Public  Sector 

Allan  Holmes,  aholmes@cio.com 

Retail 

Meridith  Levinson,  mlevinson@cio.com 

Transportation 

Stephanie  Overby,  soverby@cio.com 

Travel/Leisure/Entertainment 

Alice  Dragoon,  adragoon@cio.com 

BUSINESS  &  TECHNOLOGY 

Architecture 

Christopher  Koch,  ckoch@cio.com 

Customer  Relationship  Management  (CRM) 

Alison  Bass,  abass@cio.com 
Alice  Dragoon,  adragoon@cio.com 

E-Commerce,  Business-to-Business 

Christopher  Koch,  ckoch@cio.com 

E-Commerce,  Business-to-Consumer 

Meridith  Levinson,  mlevinson@cio.com 

Emerging  Technology 

Christopher  Lindquist,  clindquist@cio.com 

Enterprise  Resource  Planning  (ERP) 

Ben  Worthen,  bworthen@cio.com 


Book  Reviews 

Carol  Zarrow,  czarrow@cio.com 

By  the  Numbers 

Lorraine  Cosgrove  Ware,  lcosgrove@cio.com 

Essential  Technology 

Christopher  Lindquist,  clindquist@cio.com 

Executive  Coach 

Edward  Prewitt,  eprewitt@cio.com 

Forum 

Cheryl  Asselin,  casselin@cio.com 

From  the  Editor 

Abbie  Lundberg,  lundberg@cio.com 
Richard  Pastore,  pastore@cio.com 

From  the  Publisher 

Gary  Beach,  gbeach@cio.com 


Integration 

Christopher  Koch,  ckoch@cio.com 

Knowledge  Management 

Megan  Santosus,  santosus@cio.com 

Leadership  and  Management 

Edward  Prewitt,  eprewitt@cio.com 

Legislation  and  Regulation 

Allan  Holmes,  aholmes@cio.com 
Ben  Worthen,  bworthen@cio.com 

Outsourcing 

Stephanie  Overby,  soverby@cio.com 

Project  Management 

Mindy  Blodgett,  mblodgett@cio.com 

Public  Sector  (Government  IT) 

Allan  Holmes,  aholmes@cio.com 

Risk  Management 

Allan  Holmes,  aholmes@cio.com 

Security/Privacy 

Scott  Berinato,  s bennato@cio.com 
Allan  Holmes,  aholmes@cio.corn 

Staffing 

Stephanie  Overby,  soverby@cio.com 

Supply  Chain  Management 

Ben  Worthen,  bworthen@cio.com 

Value  and  Measurement 

Mindy  Blodgett,  mblodgett@cio.com 

Vendor  Management 

Scott  Berinato,  sbennato@cio.com 
Susannah  Patton,  spatton@cio.com 

Web  Services 

Christopher  Lindquist,  clindquist@cio.com 
Elana  Varon,  evaron@cio.com 

Workforce  Connectivity 

(Wireless,  Collaboration  Technologies) 

Thomas  Wailgum,  twailgum@cio.com 


InBox 

Cheryl  Asselin,  casselin@cio.com 

On  the  Move 

Meridith  Levinson,  mlevinson@cio.com 

Peer  to  Peer 

Alison  Bass,  abass@cio.com 

Reality  Bytes 

Megan  Santosus,  santosus@cio.com 

Total  Leadership 

Elana  Varon,  evaron@cio.com 

Trendlines 

Megan  Santosus,  santosus@cio.com 

Washington  Watch 

Elana  Varon,  evaron@cio.com 
Ben  Worthen.  bworthen@cio.com 


e-mail  letters@cio.com  phone  508  872-0080  fax  508  879-7784  address  CIO  Magazine,  CXO  Media  Inc., 

492  Old  Connecticut  Path,  P.O.  Box  9208,  Framingham,  MA  01701-9208  website  www.cio.com  subscriber  ser¬ 
vices  866  354-1125  •  Fax  847  564-9453  •  E-mail  cio@omeda.com  reprint  services  Jesse  Levy  •  PARS  Interna¬ 
tional  •  212  221-9595  xl23  •  E-mail  jesse@parsintl.com  rights  and  permission  Andrew  Burrell  •  508  935-4785  • 
E-mail  aburrell@cio.com 


COLUMN  &  DEPARTMENT  CONTACTS 


12 


FEBRUARY  1,  2005  |  www.cio.com 


ODE  TO 

THE  FEARLESS. 


We  live  in  an  age  where  fearless  thinkers  are  transforming  the  way  we  live,  work  and 
play.  Organizations  are  realizing  that  the  true  power  of  their  information  is  unleashed 
only  when  it  is  readily  available,  not  safely  locked  away.  Business  leaders  are  learning 
that  success  comes  from  letting  their  people  do  what  they  do  best— wherever,  whenever 
and  however.  That  having  to  choose  between  protecting  information  and  making  it 
available  is  a  choice  from  the  past.  That  real  security  is  an  open  door,  not  a  closed  one. 
That  when  information  has  no  limits,  followers  become  leaders  and  leaders  become 
pioneers.  This  is  the  new  world.  And  in  this  world,  the  ones  who  are  fearless  are  the 
ones  who  will  lead. 


www.information-integrity.com/ode 


ARLESS 


Symantec 


Symantec  and  the  Symantec  logo  are  U.S.  registered  trademarks  of  Symantec  Corporation.  Copyright  p  2004  Symantec  Corporation.  All  rights  reserved. 


For  just  pennies  a  page,  the  versatile  Xerox 
color  prints,  plus  advanced  multi-function 


The  remarkable  Xerox  WorkCentre  Pro  2128  gives  you  an 
affordable  way  to  add  brilliant  color  and  an  impressive  set  of 
valuable  features  to  any  office.  This  advanced  digital  system 


can  print,  copy,  scan,  e-mail  or  fax  simultaneously,  even  when 
other  jobs  are  running.  It  also  scans  hard  copy  directly  to 
e-mail,  improving  productivity.  Walk-up  simplicity  means  easy 


xerox.com/office/24  1-800-ASK-XEROX  ext.  24 


©  2004  XEROX  CORPORATION.  All  rights  reserved.  XEROX?  WorkCentre*  and  There's  a  new  way  to  look  at  it  are  trademarks  of  XEROX  CORPORATION 


WorkCentre*  Pro  2128  delivers  rich  1200x1200  dpi 
performance.  There’s  a  new  way  to  look  at  it. 


access  to  razor  sharp  28  ppm  black-and-white  and 
21  ppm  quality  color  documents.  And  it  consolidates  all 
these  functions  without  compromising  reliability. 


Xerox  WorkCentre  Pro  2128 


To  learn  more,  see  our  full  line  of  multi-function 
systems,  digital  copiers  and  award-winning  color 
printers.  It  makes  perfect  sense  for  any  business. 


"i - 1 

Print  Copy  Scan  Fax  E-mail 


XEROX 


Technology 


Document  Management 


Consulting  Services 


READER  FEEDBACK 

InBox 

What  RFID  Should  Do 

As  businesses  continue  to  struggle  to 
meet  high-growth  expectations,  it  is  nat¬ 
ural  that  every  few  years  a  new  technol¬ 
ogy  will  emerge  as  the  silver  bullet  to  all 
the  woes  (“Tag,  You’re  Late,”  Nov.  15).  And 
the  latest  one  is  RFID,  which  follows  CRM, 
ERP  and  other  similar,  much-hyped  (and 
later  much-maligned)  technologies. 

RFID  has  great  potential,  maybe  more 
than  ERP  and  CRM,  for  enhancing  busi¬ 
ness  performance  from  a  cost-savings  per¬ 
spective.  But  it  also  has  the  usual  dangers 
of  getting  hijacked  by  a  few  vendors  and 
big  consulting  firms  and  turning  into  a 
nightmare  for  the  early  adopters. 

The  first  step  is  to  clearly  define  the 
business  case  for  implementing  RFID.  Get 
help  conducting  the  study  to  define  areas 
of  improvement,  technology  readiness  and 
the  business  case  as  a  vendor-neutral  strat¬ 
egy  consultant.  It’s  important  to  figure  out 
how  the  business  will  use  more  real-time 
data,  how  the  tags  would  alter  the  business 
processes  and  what  RFID  will  mean  for 
enterprise  applications  currently  in  use. 

RFID  should  fit  in  with  everything  else 
you  do.  If  you  don’t  select  the  right  mid¬ 
dleware  or  address  existing  data  growing 
exponentially,  this  could  become  an 
untamable  animal. 

Let  us  hope  the  industry  has  learned  its 
lessons  from  implementations  of  previous 
silver-bullet  solutions  and  will  apply  itself 
in  learning  and  planning  before  consider¬ 
ing  a  solution.  It’s  good  to  remember  that 
technology  can  do  almost  anything.  The 
question  is  not  what  it  could  do;  the  ques¬ 
tion  is  what  it  should  do. 

JAY  JAYAMOHAN 

CEO,  Emerging  Technology  Advisors 
info@etadvisors.  net 

ERM:  Three  Steps  Beyond 

Great  article  on  risk  management 


(“Risk’s  Rewards,”  Nov.  1).  Your  three-point 
approach  is  as  far  as  many  organizations 
go,  trying  to  implement  ERM  without 
overstressing  already  stretched  budgets. 

To  get  the  real  “juice”  out  of  risk  manage¬ 
ment,  though,  an  organization  needs  to  go 
beyond  and  do  the  following: 

■  Set  up  formal  risk  monitoring  by  iden¬ 
tifying  trigger  criteria  to  warn  when  risks 
are  materializing  into  actual  problems. 

■  Craft  realistic  contingency  plans  for 
activation  when  individual  risks  become 
problems. 

■  Create  risk  reserves  in  both  the  bud¬ 
gets  and  schedules  of  the  organization’s 
enterprises  to  pay  for  these  contingency 
actions.  (The  sizing  of  these  reserves  is  a 
discipline  all  its  own.) 

Unfortunately,  these  are  the  steps  that 
cost  money  and  cause  the  implementation 
delays  that  executives  are  seldom  willing 
to  accommodate. 

BILL  CAMPBELL 

Deputy  Director,  Technology 
Services  Organization,  Denver 
Defense  Finance  and  Accounting  Service 
bill.campbell@dfas.mil 

Finding  the  Hidden  Talent 

I  disagree  with  Coy  Thorp’s  statement 
that  “colleges  are  doing  a  poor  job  of 
preparing  workers”  (“Fast  Track  Business 
Degrees,”  Trendlines,  Nov.  1).  The  program 
at  Northface  University  is  but  one  example 
of  the  types  of  programs  that  are  providing 
students  with  these  much-needed  skill 
combinations. 

As  an  educator  concerned  with  arming 
students  with  marketable  career  skills,  I 
have,  for  years,  paid  close  attention  to  the 
hiring  practices  of  the  IT  industry.  Con¬ 
sistently,  IT  jobs  have  required  degrees  in 
computer  or  other  related  sciences.  This 
focus  on  technology  skills  at  the  expense 
of  a  combination  of  IT,  business  and  lib¬ 


eral  arts  skills  has  created  the  perception 
that  colleges  are  not  doing  a  good  job  of 
preparing  their  graduates.  In  fact,  as 
noted  in  the  article,  many  universities, 
particularly  in  their  business  schools, 
offer  programs  specifically  designed  to 
provide  the  trifecta  of  skills  needed  for 
success  in  corporate  IT.  A  number  of 
these  programs  have  been  in  place  for 
years  and  do  an  excellent  job  of  providing 
students  with  significant  knowledge  in 
all  three  areas. 

Some  programs  can  be  completed 
with  as  little  as  three  years  of  study 
and  still  provide  students  with  the 
aforementioned  skills.  So  in  response 
to  suggestions  that  colleges  aren’t  prop¬ 
erly  preparing  IT  professionals  for  work 
in  the  IT  industry,  I’d  say  that  the  IT  indus¬ 
try  is  not  looking  in  the  right  places  for 
the  talent  they  need. 

JIMMIE  CARRAWAY 

Faculty,  IT  Discipline,  College 
of  Business  and  Public  Administration, 

Old  Dominion  University 
jcarrawa@odu.edu 


What  Do  You  Think? 


Send  your  thoughts  and  feedback  to 
letters@cio.com.  Letters  may  be  edited  for 
length  or  clarity.  For  a  link  to  the  articles 
mentioned,  go  to  www.cio.com/printlinks, 

cio.com 


1  6 


FEBRUARY  1,  2005  |  www.cio.com 


©2004  SAP  AG.  SAP  and  the  SAP  logo  are  trademarks  and  registered  trademarks  of  SAP  AG  in  Germany  and  several  other  countries. 


AND  HERE’S  WHY'  Even  the  world’s  leading  technology  companies  need  technology  that  they  can 
rely  on,  which  is  why  HP  uses  a  supply  chain  solution  from  SAP.  Now,  change  orders  that  once  took  three  weeks 
to  communicate  to  all  levels  of  the  supply  chain  take  only  24  hours.  Visit  sap.com/hp  or  call  800  880  1727 
to  see  what  we  can  do  for  your  business. 


JUST  BECAUSE  THE  SYSTEM  IS  DOWN 
DOESN’T  MEAN  THE  PEOPLE  USING  IT  SHOULD  BE 


Constant,  uninterrupted  access  to  critical  data,  systems  and  people.  Even  when  something  goes  wrong.  That’s  Information  Availability.  And  one  of  the 

best  ways  to  virtually  guarantee  Information  Availability  is  by  running  your  production  systems  out  of  our  facilities.  You  manage  your  applications  and 

data  while  SunGard  Availability  Services  helps  to  ensure  that  the  infrastructure  and  technical  support  you  need  is  always  on.  SunGard  can  offer  a  secure 

and  scalable  environment  at  a  lower  operational  cost  for  production.  Plus  we  have  over  60  state-of-the-art  hardened  facilities  with  network, 

power  and  equipment  redundancies  that  are  unparalleled.  For  a  free  copy  of  the  IDC  White  A  DH0 1  Keeping  People 

I  and  Information 
Connected!" 


Availability  Services 


Paper:  “Ensuring  Information  Availability”  visit  www.availability.sungard.com/idcwp 


—  9  *  ~  S  ' 

j 

& /  '  ' 

'  ■;y 

MBMmk  4m 

■ 

m  S 

ilk 

/i_  a 

*  Jm 

1  *  4  A 

.  J 

J 

■  f  §rw  ■  m 

PHOTO  COURTESY  OF  PURDUE  PHARMA:  ILLUSTRATION  BY  BEATA  SZPURA/GETTY  IMAGES 


dlines 


EDITED  BY  MEGAN  SANTOSUS  NEW  *  HOT  *  UNEXPECTED 


The  Drug  Industry  Self-Polices  with  RFIDs 


THEFT  PREVENTION 

The  makers  of  popular  prescrip¬ 
tion  drugs  have  found  a  new 
weapon  in  the  fight  against 
thieves  and  counterfeiters:  the 
tiny  and  controversial  radio 
frequency  identification  (RFID) 
chip.  Purdue  Pharma,  the  man¬ 
ufacturer  of  the  painkiller  Oxy- 
Contin,  is  now  using  RFIDs  to 
track  shipments  of  its  theft- 
prone  drug,  and  Pfizer  plans 
to  start  putting  the  radio  tags 
on  bottles  of  its  widely  counter¬ 
feited  Viagra  drug  by  the  end  of 
2005.  The  U.S.  Food  and  Drug 
Administration  gave  RFID 
deployment  a  boost  when  it 
recently  published  guidelines 
to  help  other  drugmakers  get 
started  before  RFID  labels 


become  mandatory  in  2007. 

“With  RFID,  the  drug  indus¬ 
try  will  be  able  to  police  itself  for 
the  first  time,”  says  Aaron  Gra¬ 
ham,  vice  president  and  chief 
security  officer  at  Purdue 
Pharma  and  a  former  special 
agent  at  the  Drug  Enforcement 
Administration  who  has  also 
worked  undercover  to  combat 
international  drug  counterfeit¬ 
ing.  Graham  says  it’s  difficult  to 
estimate  the  black  market  for 
prescription  drugs  but  that  the 
World  Health  Organization  pre¬ 
viously  stated  7  percent  of  the 
world’s  drugs  are  counterfeit. 
“Having  met  the  people  in  Asia 
and  Latin  America  who  are 
involved  in  counterfeiting,  I 
know  that  it’s  more  than  anec¬ 


dotal,”  Graham  says.  While  sec¬ 
ondary  wholesalers  can  now  fal¬ 
sify  the  origin  of  a  prescription 
drug  in  the  supply  chain,  RFID 
will  make  it  virtually  impossible 
for  counterfeit  drugs  to  enter  the 
legitimate  supply  chain. 

Right  now,  wholesalers  can 
buy  drugs  that  have  been  smug¬ 
gled  into  the  country  and  send 
them  on  to  pharmacies  without 
much  difficulty,  Graham  says. 
With  RFID  tags,  pharmacists  will 
be  able  to  tell  if  the  drug  did  not 
come  from  the  manufacturer.  Law 
enforcement  officers  using  hand¬ 
held  readers  also  will  be  able  to 
quickly  check  whether  bottles 
they  recover  have  been  reported 
stolen.  Graham  says  he  often 

Continued  on  Page  20 


IT  staff  while  2  percent  expected 
to  trim  staff  levels.  The  9  percent 
net  gain  is  6  percentage  points 
higher  than  projections  from  a 
year  ago. 

Business  expansion  was  cited 
by  41  percent  of  respondents  as 
the  main  driver  behind  IT  hiring. 

-Megan  Santosus 


IT  Hiring  Perks  Up^\ 


MANAGEMENT  REPORTS 

The  IT  job  market  has  been  in 
the  doldrums  for  so  longthat  it 
seemed  a  permanent  condition. 
Things  are  starting  to  change, 
according  to  two  recent  surveys. 
Pay  tied  to  specific  IT  skills  has 
risen,  and  hiring  plans  are  up. 
But  the  optimism  is  limited  to  a 
few  specific  job  categories. 

According  to  David  Foote, 
president  and  chief  research 
officer  of  IT  research  firm  and 
management  consultancy  Foote 
Partners,  pay  is  on  the  rise  for 
certain  skills.  Foote  Partners 
conducted  a  study  involving 


45,000  IT  employees  at  1,860 
organizations  in  North  America 
and  Europe.  The  hottest  skills, 
Foote  says,  are  those  associated 
with  application  development, 
groupware,  networking  and 
messaging.  For  employees  in  the 
networking  arena,  pay  was  up  an 
average  of  6  percent  in  the  past 
year,  followed  by  a  4.5  percent 
increase  for  IT  pros  with  group¬ 
ware/messaging  expertise,  and 
a  4  percent  boost  for  staffers  in 
applications  development  and 
programming  languages. 

CIOs  said  they  expected  a 
modest  rise  in  IT  hiring  during 


this  first  quarter  of  2005, 
according  to  the  Robert  Half 
Technology  IT  Hiring  Index  and 
Skills  Report,  which  polled  more 
than  1,400  CIOs  at  randomly 
selected  U.S.  companies  with 
more  than  100  employees.  The 
report  also  found  that  11  percent 
of  respondents  planned  to  add 


www.cio.com  |  FEBRUARY  1.  2005 


19 


WI-FI  HITS 

INTERSTATE  REST  STOPS 


wireless  technology  One  of  the  strangest  I  nternet 
innovations  in  recent  history  was  Microsoft’s  Internet  toilet  project. 
It  was  a  widely  reported  weird-news  item  in  the  spring  of  2003,  later 
revealed  to  be  a  hoax,  only  later  yet  to  be  confirmed  by  Microsoft 
as  an  actual  project,  albeit  a  defunct  one.  The  gist  of  the  story  was 
that  Microsoft  U.K.  wanted  to  create  a  portable  toilet,  the  iLoo,  with 
a  built-in  high-speed  Internet  connection,  wireless  keyboard  and 
height-adjustable  plasma  monitor— a  contraption,  so  they  said, 

that  would  appeal  to  the 
British  market. 

Now  it  seems  that  the  rest 
room  and  the  Internet  are 
converging  yet  again.  The 
latest  front  in  the  wireless 
hotspot  movement  is  the 
interstate  rest  area.  “I  know 
it  sounds  strange  at  first, 
but  when  you  think  about  it, 
rest  areas  are  a  great  fit  for 
Wi-Fi,”  says  Mark  Wheeler, 
CEO  of  I  Spot  Networks,  a 

wireless  Internet  service  provider.  Wheeler  notes  that  highway 
travelers  often  actively  seek  out  an  Internet  connection  because 
the  Internet  has  become  so  integral  to  21st  century  life. 

Working  in  conjunction  with  state  transportation  departments, 

I  Spot  Networks  is  rolling  out  hotspots  along  interstates  in  Iowa, 
Missouri  and  Nebraska.  The  company  also  targets  more  conven¬ 
tional  hotspot  locations,  such  as  hotels  and  coffee  shops,  but  it 
believes  that  heavily  traveled  interstate  corridors  are  an  overlooked 
hotspot  opportunity. 

In  terms  of  rest  area  hotspots,  a  large  effort  is  under  way  in 
Texas.  In  October  2003,  the  Texas  Department  of  Transportation 
launched  a  project  to  provide  free  wireless  Internet  access  in  all 
of  the  state’s  rest  areas  and  welcome  centers,  a  project  that  they 
expect  to  complete  by  late  2005. 

“Our  main  goal  is  safety,"  says  Andy  Keith,  safety  rest  area 
program  manager  for  the  Texas  DoT’s  maintenance  division. 
“Anything  we  can  do  to  encourage  travelers  to  take  more  breaks 
makes  our  roadways  safer.”  Keith  adds  that  additional  safety 
features  can  be  pushed  over  the  hotspots  to  visitors,  such  as 
weather  updates  and  road  conditions. 

Michigan  has  also  entered  the  rest-area  hotspot  movement, 
having  partnered  with  SBC  Communications  to  deploy  hotspots 
in  state  parks,  welcome  centers  and  several  rest  areas.  Other  states 
may  soon  follow  suit.  “I’m  contacted  all  the  time  by  officials  from 
other  states,”  Keith  says,  “but  I  think  they’re  waiting  to  see  how 
much  success  we  have  in  Texas  before  jumping  in  themselves." 

-Jeff  Vance 


The  Drug  Industry  Self-Polices 


Continued  from  Page  19 

gets  calls  from  state  troop¬ 
ers  who  have  found  Oxy- 
Contin  bottles  on  a  suspect. 
“Using  RFID  we’ll  be  able 
to  trace  the  bottles  to  spe¬ 
cific  pharmacies  that  have 
been  robbed,”  he  adds.  “For 
the  first  time,  the  industry 
will  be  able  to  help  law 
enforcement  here.” 

While  RFIDs  can  help 
stem  financial  losses  due 
to  theft,  the  technology 
doesn’t  come  cheap.  Purdue 
Pharma  plans  to  invest 
$2  million  in  infrastructure 
and  30  cents  to  50  cents  for 
each  RFID  label.  The  com¬ 
pany  also  plans  to  donate 
handheld  readers  to  each 
FBI  field  office  and  various 
other  law  enforcement 
agencies.  “Anybody  con¬ 
cerned  about  patient  safety 
needs  to  make  this  invest¬ 
ment,”  Graham  says.  Chuck 
Nardi,  Purdue  Pharma’s 
information  officer  of  com¬ 
mercial  systems,  says  data 
read  from  RFID  labels  will 
be  integrated  into  the  corn- 


individual  customer  bottles. 

RFID  won’t  be  a  cure-all 
for  the  theft  and  counter¬ 
feit  problems  that  plague 
the  drug  industry,  how¬ 
ever,  says  Forrester  analyst 
Laura  Ramos.  “Until  other 
industries  such  as  retail 
are  more  successful  with 
RFID,  I  would  be  concerned 
[the  drug  companies]  don’t 
have  a  good  example  to  fol¬ 
low,”  Ramos  says.  Ramos 
also  points  out  that  efforts 
to  track  the  drugs  may  not 
work  if  RFID  isn’t  widely 
adopted  by  wholesalers 
and  others  in  the  distribu¬ 
tion  chain.  “Until  we  figure 
out  a  way  to  regulate  the 
smaller  distributors  out 
there,  there  will  be  doors 
open  for  fraud,  counterfeit 
and  theft  to  occur,”  she  says. 

Graham  and  Nardi 
counter  that  they  are 
already  shipping  the  RFID 
bottles  to  retailers  Wal- 
Mart  and  H.D.  Smith 
Wholesale  Drug  and  are 
receiving  data  from  phar- 


RFID  FANS:  AARON  GRAHAM  (left),  VP  and  chief  security 
officer,  and  CHUCK  NARDI,  information  officer  of  commercial 
systems,  say  that  RFID  technology  will  help  Purdue  Pharma 
get  valuable  information  about  its  OxyContin  prescription  drug. 


pany’s  SAP  system  and 
provide  valuable  informa¬ 
tion  on  “which  customers 
got  which  bottles  on  which 
date.”  For  the  moment, 
RFID  labels  will  go  on  only 
the  larger  bottles  sent 
to  pharmacies,  not  the 


macies  that  have  RFID 
readers.  While  not  fail-safe, 
“RFID  is  the  best  technol¬ 
ogy  I’ve  seen  in  20  years  to 
identify  counterfeit  drugs 
and  deter  counterfeiters,” 
Graham  says. 

-Susannah  Patton 


H 

» 

n 

2 

a 

r 

M 

2 

n 

01 


2  0 


FEBRUARY  1,  2005  I  www.cio.com 


! 


PHOTO  LEFT  BY  GDT/GETTY  IMAGES 


OUR  KNOWLEDGE  OF 
WHAT  CIOs  NEED  GOES  BACK 

-  and  forward - - 


A  LONG  WAY 


While  the  title  of  CIO  may  not  have  existed  65  years 
ago,  that’s  how  long  Fujitsu  has  been  developing 
innovative  technology  solutions  for  the  world’s 
leading  companies. 

Today,  we’re  leveraging  our  multi-billion  dollar 
annual  R&D  budget  to  give  CIOs  the  powerful  new 
enterprise  solutions  they  need  to  automate  even 
the  most  complex  business  infrastructures.  Our 
customers  and  business  units  work  closely  with  our 
research  teams  to  guide  new  product  development. 
This  teamwork  ensures  our  discoveries  make  it  out  of 
the  lab  and  into  the  enterprise. 

Of  course,  there’s  a  lot  more  to  a  $45-billion 
company  than  just  R&D.  Our  high-performance  mobile 
computers,  scalable/reliable  servers,  and  managed  and 
professional  services  also  give  CIOs  all  the  tools  they 
need  for  a  world-class  IT  partnership.  For  details  go  to 
us.fujltsu.com/computers  or  call  I  -800-83 1  -3 1 83. 


FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 


©2004  Fujitsu  Compute'-  Systems  Corporation.  All  rights  reserved.  Fujitsu,  the  Fu|itsu  logo  and  LifeBook  are  registered  trademarks  of  Fujitsu  Limited.  PRIMEPOWER  Is  a  trademark  or  registered  trademark  of 
Fujitsu  Limited  in  the  United  States  and  other  countries.  Syiistic  is  a  registered  trademark  of  Fujitsu  Computer  Systems  Corporation.  PRIMERGY  is  a  registered  bademark  of  Fujitsu  Siemens  Computers  GmbH. 


5  Wits  founder  MATT  DuPLESSIE  (left)  created  Tomb,  an  Egyptian-inspired  interactive  adventure  that  pits  teams  of  flashlight  wielding  “explorers” 
against  the  Pharaoh’s  challenges.  An  explorer  (right)  enters  Tomb  where  computer-controlled  special  effects  guide  visitors  in  a  puzzle-solving  adventure. 


The  New  Pocket-Sized  Theme  Park  Concept 


INTERACTIVE  ENTERTAINMENT 

Ever  wanted  to  own  your  own  theme-park 
attraction— not  some  Sim  video  game,  but  a 
real,  walk-through  interactive  adventure  with 
tricks,  traps  and  puzzles?  Say,  something 
themed  around  an  Egyptian  tomb,  with 
collapsing  ceilings,  shifting  floors,  waterfalls 
and  fog? 

Until  now,  you  had  to  be  a  Disney  mogul 
to  pull  off  something  so  sophisticated.  But 
technology  has  made  it  more  viable  for 
individuals  to  play  theme-park  entrepreneur— 
both  in  terms  of  cost  and  space.  In  fact,  the 
fun  house  described  above  exists.  And  it  cost 
less  than  $1  million  to  build  and  fits  in  just 
6,000  square  feet  (including  gift  shop  and 
Starbucks-style  cafe)  tucked  into  a  commer¬ 
cial  block  on  the  south  side  of  Boston’s 
Fenway  Park. 

This  pocket  theme  park  is  called  Tomb, 
conceived  by  27-year-old  Matt  DuPlessie, 
who  parlayed  an  MIT  mechanical  engineering 
degree,  a  Harvard  MBA  and  a  stint  as  a 
project  manager  for  a  Walt  Disney  contractor 
to  become  a  real-life  dungeon  master. 

Tomb,  opened  in  October  2004,  is  the  first 
urban  adventure  for  DuPlessie’s  company, 
5Wits.  It  challenges  groups  of  three  to  15 
people  to  enter  a  painstakingly  recreated 
Egyptian  archaeology  site,  move  through 
tomb  chambers  solving  puzzles  and  emerge 
alive  (or  not).  A  pharaoh’s  ghost  taunts  and 
challenges  the  adventurers  throughout  the 
journey,  which  takes  about  40  minutes. 
Uniquely,  the  pharaoh,  with  furtive  assistance 
from  a  live  “guide,”  can  make  the  riddles 
easier  or  harder  depending  on  how  well  the 
group  is  doing,  truly  customizingthe  experi¬ 
ence.  In  effect,  “the  show  isn’t  happening  to 


the  visitors,  the  visitors  are  happening  to  the 
show,”  says  DuPlessie. 

The  required  participation  is  a  big  shift  in 
perspective— one  that  many  visitors  don’t 
anticipate.  At  first  they  mill  about,  expecting 
events  to  unfold,  when  in  fact,  they  have  to  act 
to  trigger  events.  For  example,  a  riddle  tells 
explorers  to  illuminate  the  pharaoh’s  face.  It’s 
up  to  the  guests  to  pick  up  two  polished  metal 
mirrors  and  figure  out  how  to  use  them.  Their 
task:  to  bend  a  light  beam  to  shine  on  the 
appropriate  spot  in  the  chamber  (where  a 
photo  sensor  will  then  trigger  one  of  Tomb’s 
finales).  And  in  this  adventure,  failure  is  an 
option,  rewarded  by  the  simulated  demise  of 
your  entire  party. 

DuPlessie  programmed  the  whole  Tomb 
show  by  himself  in  a  few  months,  proving,  he 
says,  that  the  technology  is  becoming 


suitable  for  "the  average  Joe.”  The  program 
that  runs  all  of  Tomb’s  effects  and  events  fits 
on  three  compact  flash  memory  cards,  the 
kind  that  hold  photos  in  digital  cameras.  The 
hardware  DuPlessie  uses  sits  on  a  rack  in  a 
space  no  bigger  than  a  walk-in  closest. 

The  downsized  theme-show  technology 
is  so  portable,  it  allows  DuPlessie  to  take  his 
concept  on  the  road.  After  a  year,  Tomb  will 
be  disassembled,  packed  and  shipped  to  a 
new  downtown  location  in  another  city,  and 
a  whole  new  adventure  will  fill  its  Fenway 
space.  DuPlessie  says  he’s  considering  a 
James  Bond-style  adventure  or  an  underwater 
struggle  modeled  on  Jules  Verne’s  20, 000 
Leagues  Under  the  Sea.  He's  already  noodling 
ways  to  submerge  guests  without  actually 
drowningthem. 

- Richard  Pastore 


MAYBE  LAWYERS  SHOULD 

BILL  BY  THE  PROJECT,. 

Since  September  2003,  the  Recording 
Industry  Association  of  America 
filed  7,700  lawsuits  against  defen- 

m 

dants  for  alleged  file-trading  Violations 
on  peer-to-peer  networks. 


2  2 


1 


FEBRUARY  1,  2005  |  www.cio.com 


PHOTO  TOP  LEFT  BY  RICHARD  PASTORE;  TOP  RIGHT  COURTESY  OF  5WITS:  BOTTOM  BY  NICHOLAS  RIGG/GETTY  IMAGES 


We  put  a  single  platform,  mobile  data 
and  security  in  your  hands.  Now  you  can 
put  the  enterprise  in  theirs. 


Now  the  BlackBerry  Enterprise  Solution  allows  your  business 
applications  to  be  accessed  virtually  anywhere.*  Whether  it's  email, 
ERP,  CRM  or  document  management  systems,  our  solution  is  built 
on  an  open,  secure  platform  that  can  wirelessly  extend  your  existing 
applications  so  you  won't  have  to  rebuild  or  replace  them.  Best  of 
all,  the  BlackBerry  Enterprise  Solution  is  a  proven  platform,  deployed 
by  tens  of  thousands  of  organizations  around  the  world,  which 
means  wireless  access  to  data  can  be  managed  by  your  IT  staff 
with  more  confidence. 


The  BlackBerry  Enterprise  Solution  Difference 

•  Provides  advanced  security  including  triple  DES 
encryption,  handheld  password  protection, 
wireless  IT  security  commands  and  policies 

•  Includes  server  software,  wireless  handhelds, 
wireless  service  and  support  programs 

•  Provides  flexible  application  deployment  - 
build  in-house  or  with  help  from  an  independent 
software  vendor 

•  Delivers  centralized  manageability  and 
simplified  implementation 


Get  your  "BlackBerry 
Extensibility  Kit" 
Today! 


More  Than  Wireless  E-mail 
Order  the  BlackBerry  Extensibility  Kit  to  find 
out  how  you  can  improve  the  effectiveness  and 
efficiency  of  your  organization. 

Visit:  www.blackberry.com/go/exkit 


BlackBerry, 


©  2004  Research  In  Motion  Limited  (RIM).  All  nghts  reserved  BlackBerry  is  an  end-to-end  wireless  solution  developed  by  RIM.  The  RIM  and  BlackBerry  families  of  related  marks,  images  and  symbols  are  the  exclusive  properties  and  trademarks  of  RIM.  RIM,  Research  In  Motion.  'Always  On,  Always  Connected’, 
BlackBerry  and  the  BlackBerry  logo  are  registered  with  the  U.S.  Patent  and  Trademark  Office  and  may  be  pending  or  registered  in  other  countries.  ‘Check  with  service  provider  for  availability,  roaming  arrangements  and  service  plans.  Certain  features  outlined  in  this  document  require  a  minimum  version  of 
BlackBerry  Enterprise  Server  Software,  BlackBerry  Desktop  Software,  and/or  BlackBerry  Handheld  Software  and  may  require  additional  development  or  third  party  products  and/or  services  for  access  to  corporate  applications.  Prior  to  subscribing  to  or  implementing  any  third  party  products  and  services,  it 
is  your  responsibility  to  ensure  that  the  airtime  service  provider  you  are  working  with  has  agreed  to  support  all  of  the  features  of  the  third  party  products  and  services.  Installation  and  use  of  third  party  products  and  services  with  RIM’s  products  and  services  may  require  one  or  more  patent,  trademark  or 
copyright  licenses  in  order  to  avoid  infringement  of  the  intellectual  property  rights  of  others.  You  are  solely  responsible  for  determining  whether  such  third  party  licenses  are  required  and  are  responsible  for  acquiring  any  such  licenses.  To  the  extent  that  such  intellectual  property  licenses  may  be  required, 
RIM  expressly  recommends  that  you  do  not  install  or  use  these  products  and  services  until  all  such  applicable  licenses  have  been  acquired  by  you  or  on  your  behalf.  Your  use  of  third  party  software  shall  be  governed  by  and  subject  to  you  agreeing  to  the  terms  of  separate  software  licenses,  if  any,  for  those 
products  or  services.  Any  third  party  products  or  services  that  are  provided  with  RIM's  products  and  services  are  provided  "as  is”.  RIM  makes  no  representation,  warranty  or  guarantee  whatsoever  in  relation  to  the  third  party  products  or  services  and  RIM  assumes  no  liability  whatsoever  in  relation  to  the  third 
party  products  and  services  even  if  RIM  has  been  advised  of  the  possibility  of  such  damages  or  can  anticipate  such  damages. 


© 


Information 

Management 

Concerns 


o  IT  and  business  alignment 
Retaining  IT  professionals 
o  Security  and  privacy 
IT  strategic  planning 
o  Speed  and  agility 
o  Government  regulation 
Complexity  reduction 

;  | 

IT  governance 

•jl  Information  architecture 
Ca  tie  with  above) 


•J  Business  process 
reengineering 


SOURCE:  Survey  of  nearly  300  firms  conducted 
by  the  Society  for  Information  Management 


24 


on  the  move  After  three  years 
as  vice  president  and  CIO  at  PepsiCo’s 
beverages  and  foods  division,  Bruce 
Carver,  43,  was  hired  as  vice  president 
and  CIO  at  automotive  parts  supplier 
Dana  in  August  2004.  Carver  joins  an 
impressive  list  of  CIOs  who  logged  time 
within  PepsiCo’s  IT  ranks  prior  to  mov¬ 
ing  on  to  other  companies. 

Among  the  current  CIOs  who  at  one 
time  worked  at  the  food  and  beverage 
giant  are  Bill  Franks 
of  Saks,  Bill  Homa  of 
Hannaford  Bros., 

Kathy  Lane  of  Gillette, 

Patricia  Morrison  of 
Office  Depot  and 
Rafael  Sanchez  of 
Burger  King.  For  his 
part,  Carver  doubts 
that  he  would  have 
landed  on  Dana’s 
radar  without  his 
PepsiCo  experience. 

“Pepsi  is  a  very 

complex  organization,”  Carver  says. 
“Having  the  opportunity  to  learn  how 
to  maneuver  through  such  a  complex 
business  is  invaluable  experience  for 
an  IT  executive.” 

PepsiCo  is  one  of  a  handful  of  compa¬ 
nies,  including  General  Electric,  Honey¬ 
well  and  Procter  &  Gamble,  that  are 
known  among  CIOs  and  headhunters 
as  CIO  factories,  regularly  turning  out 
high-caliber  IT  executives  who  move 
on  to  become  CIOs  elsewhere. 

PepsiCo’s  reputation  as  a  CIO  fac¬ 
tory  is  attributed  to  the  company’s 
size  and  complexity  as  well  as  the 
number  of  IT  executives  who’ve  left 
to  move  into  CIO  positions  with  other 
organizations.  Many  IT  executives  have 
left,  says  one  headhunter  who  didn’t 
want  to  be  named,  because  PepsiCo 
was  for  years  a  marketing-  and 
finance-driven  company,  and  IT 


didn’t  garner  much  support. 

Carver  says  the  status  of  IT  within 
PepsiCo  started  to  change  when  Tom 
Trainer  joined  as  global  CIO  in  May 
2003.  Indeed,  Carver  didn’t  leave 
PepsiCo  because  IT  wasn’t  valued. 
When  he  was  contacted  by  Dana  in 
June  2004,  Carver  was  heavily 
involved  with  an  ERP  implementation 
and  wasn’t  actively  looking  for  a  new 
job.  Yet  he  was  receptive  to  Dana’s 
pitch  because  he 
wanted  to  be  a 
global  CIO,  an 
opportunity  he  felt 
he  wouldn’t  have  at 
PepsiCo  since 
Trainer  had  recently 
stepped  into  that 
position.  “There 
aren’t  too  many 
opportunities  for 
global  CIO  jobs, 
so  when  Dana 
approached  me,  I 

was  intrigued,”  Carver  says.  In  consid¬ 
ering  the  Dana  job,  Carver  felt  he  could 
do  more  for  the  bottom  line  there  than 
he  could  in  his  divisional  CIO  role  at 
PepsiCo.  In  addition,  there  was  a  good 
fit  between  Dana’s  needs  and  Carver’s 
skills.  Mike  Burns,  who  joined  Dana 
as  CEO  in  March  2004  (and  to  whom 
Carver  reports),  was  looking  for  a 
CIO  who  could  help  the  100-year-old 
holding  company  integrate  its  dis¬ 
parate  divisions.  Carver  has  a  history 
of  working  on  large  integration  and 
change  management  projects;  while 
at  PepsiCo  he  was  in  charge  of  the  IT 
systems  integration  when  the  com¬ 
pany  acquired  Quaker  Oats  and  Tropi- 
eana.  In  the  end,  says  Carver,  the 
ability  to  positively  shape  the  business 
was  a  key  factor  in  his  decision  to  take 
the  Dana  job. 

- Meridith  Levinson 


BRUCE  CARVER, 

VP  and  CIO  of  Dana,  logged 
time  in  PepsiCo’s  IT  ranks. 


FEBRUARY  1,  2005  |  www.cio.com 


TRENDLINES 


Whether  it's  around  the  office  or  around  the  world,  Ricoh  gives  you  the  latest  technology  to  scan,  send  and  manage 
ideas  every  step  of  the  way.  Turn  your  inspiration  into  a  colorful  reality  with  Ricoh's  document  management  solutions. 


How  well  do  you  share? 


KMO' 

Image  Communication 


Alicio” 


The 


Little  List 


CRAIG  NEWMARK,  a  computer  engineer  by  training,  started  Craigslist  in  1995.  Launched  as  a  modest 
local  e-mail  newsletter  in  San  Franscisco,  Craigslist  now  serves  75  cities,  has  $10  million  to  $15  million  in  rev¬ 
enues,  and  counts  eBay  as  a  major  investor. 


online  communities  Want  a 
date?  Looking  for  a  job?  How  about  unload¬ 
ing  that  old  sofa?  If  you  answered  yes  to 
any  of  these  questions,  you  may  have  already 
stumbled  upon  Craigslist  ( www.craigslist.org ), 
the  hottest  Web  bulletin  board  and  online 
community  on  the  Internet. 

Started  by  San  Francisco  Bay-area  com¬ 
puter  engineer  Craig  Newmark  in  1995, 
Craigslist  has  morphed  from  a  small- 
circulation  e-mail  newsletter  into  an  online 
institution  and  first  stop  for  Internet  users 
of  all  stripes  who  are  looking  to  buy,  sell, 
meet  or  otherwise  communicate.  Now 
serving  more  than  75  cities  worldwide, 
and  6  million  visitors  a  month,  Craigslist 
is  disarmingly  simple,  employing  a  text- 
and-link  design  that  screams  1996.  But 
the  site  is  a  scrappy  survivor  of  the  dotcom 
bust  that  decimated  many  prettier  startups. 

Customer  service  is  Newmark’s  mantra— 
and  it’s  his  answer  to  just  about  every  ques¬ 
tion  having  to  do  with  Craigslist’s  success 
and  its  mission.  “There’s  no  scientific 
methodology  here,”  Newmark  says,  “and 
that’s  probably  a  good  thing.  People  try  to 
make  decisions  by  looking  at  statistics,  and 
most  of  the  time  they’re  fooling  themselves. 
If  you  provide  good  customer  service  on  a 
regular  basis,  people  will  notice.” 


That  may  strike  some  as  starry-eyed,  but 
Newmark  has  been  able  to  turn  his  obses¬ 
sion  into  a  nice  living,  says  Charlene  Li,  a 
principal  analyst  for  devices,  media  and 
marketing  at  Forrester.  “Craigslist  is  making 
between  $5  million  and  $10  million  with 
just  15  employees,”  she  says.  The  revenue 


comes  only  from  fees  for  posting  help- 
wanted  ads. 

eBay,  which  knows  a  little  something 
about  online  communities,  has  taken  note. 
Last  summer,  the  online  auctioneer  pur¬ 
chased  a  25  percent  stake  in  Craigslist. 

-Paul  Roberts 


That  Could 


WHAT  SEARCHING 

SAYS  ABOUT  BUYING 


online  shopping  Consumers’  use  of  online  search  engines 
can  say  a  lot  about  their  buying  tendencies.  In  a  study  conducted  by 
consumer  market  research  company  ComScore  Networks,  senior 
analyst  Graham  Mudd  analyzed  search  engine  usage  among  people 
looking  to  purchase  computer  products  and  consumer  electronics 
equipment.  Such  products,  says  Mudd,  typically  are  not  impulse  buys 
and  involve  plenty  of  prepurchase  research;  hence  consumers’  use  of 
search  engines  to  gather  information  about  high-tech  products  yields 
some  interesting  findings.  Among  the  most  surprising  tidbit:  So- 
called  branded  search  terms  using  specific  brand  or  model  names 
don’t  lead  consumers  to  purchase  at  higher  rates  than  using  generic 
terms.  That  discovery,  says  Mudd,  is  counterintuitive. 


OTHER  FINDINGS: 

»  25%  of  people  who  searched  online  for  computer  products 
or  consumer  electronics  purchased  a  product  in  that  category 
within  90  days. 

»  92%  of  the  “search-influenced”  purchases  were  made  offline. 

»  Most  of  the  remaining  8%  of  consumers  who  purchased  online 
did  so  during  a  subsequent  online  session. 

»  70%  of  the  search  volume  involved  generic  terms  (such  as 
“plasma  TV”  or  "digital  camera”);  60%  of  the  searches  that 
resulted  in  purchases  (known  as  the  conversion  rate)  used 
generic  terms. 

THE  TAKE-AWAYS  FOR  ONLINE  RETAILERS: 

»  Websites  should  have  plenty  of  product  information;  online 
sales  don’t  indicate  a  site’s  ultimate  value;  and-for  those 
retailers  with  brick-and-mortar  operations— directions  to  a 
store  should  be  an  online  no-brainer.  -Megan  Santosus 


2  6 


FEBRUARY  1,  2005  |  www.cio.com 


PHOTO  BY  ERIC  RISBERG/AP/WIDE  WORLD  PHOTOS 


AptSoft  brings  you  a  whole  new  world  of  IT  alignment.  Its  paradigm-shifting  Event-Driven  Application  Collaboration™ 
software  dramatically  simplifies  the  alignment  of  existing  IT  systems  with  mission-critical  business  processes  because 
it  is  2X  more  collaborative,  3X  more  cost-effective,  5X  faster,  and  10X  more  flexible. 


Visit  us  at  www.aptsoft.com/challenge  and  take  the  AptSoft  Challenge.  See  how  you  can  align  your  existing 
systems  with  a  mission-critical  business  process — and  win  big! 


©  2004  AptSoft  Corporation.  All  rights  reserved. 

*Rules,  restrictions  and  limitations  apply.  Please  see  the  AptSoft  Challenge  website  at 
www.aptsoft.com/challenge  for  the  rules,  restrictions,  and  limitations  to  the  AptSoft  Challenge. 
You  may  also  request  a  copy  of  these  rules  to  be  mailed,  emailed,  or  faxed  to  you  by  contacting 
the  AptSoft  marketing  department  at  AptSoft  Corporation,  20  Mall  Road,  Burlington,  MA  01803, 
phone:  781-270-4900,  fax:  781-270-4904,  and  email:  info@aptsoft.com. 


AptSoft 

IK 


ADVERTISING  SUPPLEMENT 


Fast  T rack 

^Alignment 

Agility  in  Today’s  Hyper-Competitive  Market  Requires 
Aligning  IT  with  Your  Business:  How  Two  CIOs  Closed  the 
“Alignment  Gap"  With  a  New  Approach 


An  insurance  company  with  more  than  $13  billion  in  assets 
finds  its  potential  online  customers  slipping  through  its  fingers. 
Another  enterprise— one  that  prides  itself 
on  its  expertise  in  building  customer  loyal¬ 
ty— can't  quite  harness  the  customer  infor¬ 
mation  of  its  clients  in  real  time. 

Two  unique  process  breakdowns,  one 
common  solution:  Alignment. 

These  two  companies  required  busi¬ 
ness  process/IT  alignment  to  quickly  har¬ 
monize  existing  technology  with  business 
strategies,  goals  and  processes.  To 
achieve  alignment— a  task  they  realized 
surpasses  traditional  solutions— they 
turned  to  AptSoft’s  unique  technology  that 
supports  a  new  approach:  Complex  Event 
Processing  (CEP). 

The  AptSoft  results  are  impressive:  Development  timeframes 


Business  Process 


CIOs  realize  that 
the  alignment  gap 
is  a  barrier  to 
greater  agility. 


shrank  from  months  to  days  and  increased  revenues  and 
reduced  costs  were  captured  within  weeks  of  deployment, 
resulting  in  double-  and  even  triple-digit 
ROIs.  Read  on  to  learn  how  these  CIOs 
closed  the  alignment  gap— and  then  see 
whether  your  organization  is  ready  to  take 
the  AptSoft  Challenge! 

Re:  Alignment  and  the  Role  of 
EDAC  Driven  CEP 

For  years,  business  process/IT  alignment, 
defined  as  the  ability  for  IT  to  control  the 
execution  of  the  right  process,  at  the  right 
time,  in  the  right  sequence,  for  the  right  busi¬ 
ness  purpose  has  been  at  the  top  of  corpo¬ 
rate  “to  do"  lists  for  business  and  IT  leaders 
alike.  Indeed,  as  more  companies  grasp 
alignment's  impact  on  corporate  agility,  the  practice  translates 
into  a  competitiveness  issue,  says  Mark  Ehr,  research  director  at 
Enterprise  Management  Associates,  a  technology  analyst  firm. 
“Particularly  in  verticals  such  as  financial  services,  people  are 
jumping  on  fhe  [alignment]  bandwagon  because  they  realize  they 
must  do  so  in  order  to  stay  competitive,”  Ehr  says. 

Because  alignment  requires  IT  infrastructure  to  perform  at 
new  levels  of  speed,  cost-effectiveness,  flexibility  and  collabora¬ 
tion  between  systems,  machines  and  people,  progress  is  almost 
always  frustratingly  slow.  One  of  the  challenges  is  that  traditional 
integration  or  process  management  solutions  require  generous 
doses  of  brittle  custom  code  to  handle  the  complexity,  dynamics 
and  closed-loop  monitoring  requirements  when  operationalizing 
business  processes. 

Now,  though,  there’s  a  better  approach— Complex  Event 
Processing  using  AptSoft's  Event-Driven  Application 
Collaboration™  (EDAC)  technology,  which  senses  event  pat¬ 
terns  in  all  layers  of  IT  infrastructure,  evaluates  them  and  gener- 


Alignment  Gap 


Existing  Systems 


APPLICATIONS  ■  DATABASES 


MACHINES 


WEB 

SERVICES 


HOSTED 
APPLICATION 


ADVERTISING  SUPPLEMENT 


ates  responses  in  real  time.  “We  are  seeing  a  lot  of 
movement  toward  event-driven  technology— which 
could  help  bring  about  the  ultimate  in  alignment 
between  IT  and  business,"  says  Les  Yeamans,  founder 
of  New  Rochelle,  N.Y.-based  ebizQ.net,  a  Web  portal 
focused  on  business  integration. 

Behind  the  Curtain 

The  software  architecture  designed  by  AptSoft  is  very 
unique.  Commercial  integration  software  and  custom- 
coded  solutions  depend  upon  a  predictable  set  of  stable 
business  requirements,  but  by  focusing  on  the  require¬ 
ments  for  alignment,  AptSoft  took  a  different  path. 

“We  realized  that  alignment  requires  an  approach  that 
is  flexible,  fast,  cost-effective  and  enables  collaboration 
between  systems,  machines  and  people,”  says  David 
Cameron,  AptSoft's  vice  president  of  strategic  products, 
“and  that  is  the  opposite  of  what  yesterday’s  solutions 
provide."  So  features  such  as  a  user  interface  that  simpli¬ 
fies  the  authoring  of  complex  event  patterns  and  a  uni¬ 
fied  metadata  layer  shared  by  all  components  are  critical 
differentiators  for  alignment.  Says  Cameron:  “We 
assumed  a  moving  set  of  requirements,  and  built  our 
software  to  enable  our  customers  to  execute  against 
them  successfully  over  and  over  again." 

AptSoft  CEO  Frank  Chisholm  says  that's  why 
AptSoft’s  approach  is  so  compelling  and  relevant  to 


the  objectives  of  today’s  CIOs.  “A 
major  paradigm  shift  is  required 
for  CIO’s  to  support  corporate 
agility.  That  shift  is  represented 
by  the  emerging  need  for  EDAC 
Driven  CEP  technology  to  enable 
the  seamless  collaboration  of 
existing  elements  of  IT  infra¬ 
structure  in  support  of  strategic 
objectives.” 


EDAC  Driven  CEP 


Existing  Systems 


II 


Take  the  AptSoft  Challenge 

How  serious  is  AptSoft  about 
helping  companies  achieve  busi¬ 
ness  process/IT  alignment?  So 
serious  that  Frank  Chisholm 
invites  you  to  take  the  AptSoft 
Challenge.  Here’s  how  he 

describes  it:  “Together,  we  identify  a  strategic  business 
process  with  which  to  align  your  existing  IT  systems. 
We  are  so  confident  that  we  can  deliver  a  working  pro¬ 
totype  in  five  person-days,  that  if  we  don’t,  we  will  pay 
for  the  IT  resources  assigned  to  this  project  for  those 
days.” 


AptSoft’s  EDAC  Driven  CEP  technology  closes  the 
alignment  gap. 


Don’t  miss  this  chance  to  close  the  alignment  gap  at  your 
organization.  Visit  us  at  www.aptsoft.com  and  take  the 
AptSoft  Challenge. 


Case  Study:  Insuring  Results 


To  bring  in  new  business,  an  insurance 
company  (which,  for  competitive  reasons, 
prefers  to  remain  anonymous)  had  set  up 
a  self-service  Web  site  targeted  at  con¬ 
sumers.  But  results  weren’t  measuring  up. 

So  the  company’s  CIO  offered  a  num¬ 
ber  of  vendors  the  opportunity  to  solve 
this  strategic  problem:  Too  little  Web  site 
traffic  was  turning  into  business,  particu¬ 
larly  in  comparison  with  key  competitors. 
That,  in  turn,  was  reducing  revenues  and 
marketing  effectiveness. 

Four  specific  problems  needed  to  be 
addressed: 

•  A  significant  percentage  of  quote 
requests  started  online  by  consumers 
were  simply  abandoned  incomplete.  The 
company  had  no  good  method  for  trying 
to  rekindle  this  business. 

•  When  consumers  submitted  quote 


requests  for  automobile  insurance,  if  they 
failed  to  provide  a  vehicle  identification 
number,  the  system  would  simply  provide 
a  default  price  based  on  the  most  expen¬ 
sive  class  of  coverage— a  luxury  automo¬ 
bile,  for  example.  This  would  often  fright¬ 
en  off  prospective  customers,  so  the 
company  wanted  a  timely  way  to  indicate 
that  providing  the  vehicle  number  would 
yield  a  more  accurate  and  probably  much 
more  appealing  price. 

•  When  consumers  claimed  to  have 
had  no  motor-vehicle  violations  for  two  or 
more  years,  the  insurer  needed  to  be 
able  to  seek  clarification  if  its  own  infor¬ 
mation  was  at  odds  with  this  assertion. 

•  Finally,  the  company  wanted  an 
“upsell”  mechanism  allowing  individuals  to 
acquire  additional  coverage  for  a 
nominal  charge. 


Together,  the  four  challenges  involved 
the  Web  application  itself,  the  call  center 
infrastructure  and  the  company’s  central 
database,  which  ran  on  an  IBM  mainframe. 

Based  on  the  compelling  returns,  the 
fast  time-to-market  and  the  flexibility 
AptSoft  was  able  to  demonstrate  in  using 
CEP  with  its  EDAC™  technology,  the 
company  gave  AptSoft  the  go-ahead  to 
build  a  solution.  David  Cameron,  AptSoft’s 
vice  president  of  product  integration,  says 
that  once  his  team  got  the  go-ahead,  it 
took  just  two  weeks  to  complete  develop¬ 
ment.  Within  a  week  of  going  live,  the 
system  had  already  produced  dramatic 
results.  Indeed,  in  just  one  of  the  four 
functional  areas— quotes  in  which  the 
consumer  failed  to  provide  a  vehicle  iden¬ 
tification  number— the  system  delivered 
business  from  2,000  new  customers. 


Susan  Gramm  executive  coach  practical  ideas  for  powerful  i.t.  leadership 


IT:  Half-Full? 

Outsourcing  and  packaged  solutions  have  hollowed  out  IT.  Yet  CIOs  still  have  the  oppor¬ 
tunity  to  create  competitive  advantage— by  differentiating  customer-facing  processes. 


; 


2  8 


At  a  recent  CIO  magazine  conference,  an  attendee 
asked  me,  “What’s  left  for  IT?”  In  his  half-empty, 
zero-sum  world,  all  he  could  see— after  outsourc¬ 
ing  and  packaged  solutions  had  taken  their  toll — 
was  the  anemic  “brokering”  role  often  hypothesized  for  CIOs. 

His  perspective  is  consistent  with  that  of  executives  who 
have  decided  they  are  running  a  business  in  decline.  In  the 
effort  to  pump  up  short-term  results,  they  cut  budgets  and 
headcount.  The  best  people  escape;  product  quality  and  service 
decline;  customers  defect;  the  financial  situation  worsens;  and 
the  negative  cycle  repeats  and  reinforces  itself.  By  viewing  IT  as 
“half  empty,”  IT  executives  perversely  work  very  hard  to  make 
their  dire  predictions  come  true. 

Another  part  of  the  half-empty  mind-set  is  to  view  the  past 
through  rose-colored  glasses.  Many  CIOs  long  for  the  days 
when  all  the  technology  experts  and  gear  resided  under  one  roof, 
and  they  could  approve  projects  and  spend  money  without  the 
bureaucratic  hassle  of  executive  oversight. 

It’s  time  for  a  reality  check:  There  were  no  halcyon  days  of  IT. 
Since  its  birth  some  30  years  ago,  our  relatively  young  profes¬ 
sion  has  been  struggling  to  grow  up.  IT  is  just  starting  to  reach 
voting  age  in  those  companies  where  it  has  demonstrated  that 
value,  quality,  efficiency  and  innovation  are  not  mutually  exclu¬ 
sive.  For  less  mature  IT  organizations,  there  are  constraints 
and  consequences:  Struggling  CIOs  are  placed  in  the  equivalent 
of  juvenile  hall,  as  evidenced  by  the  increase  in  the  number  of 
CIOs  reporting  to  their  CFOs. 

Yet  a  bright  future  is  ahead  for  those  half-full  IT  executives 
who  understand  what’s  important  and  how  to  leverage  the  world 
around  them.  Every  organization  is  faced  with  the  challenge  of 


FEBRUARY  1,  2005  |  www.cio.com 


ILLUSTRATION  BY  ANTHONY  FREDA 


Microsoft 


WEIGHING  THE  REAL  COSTS  OF 
LINUX  AND  WINDOWS?  WEIGH  THE 
INTELLECTUAL  PROPERTY  RISKS,  TOO. 


"To  date,  IBM,  HP,  Novell,  Red  Hat,  and  other  Linux  vendors  offer 
only  limited  indemnification  against  intellectual  property  legal 
claims  with  exceedingly  low  liability  caps — or  no  protection  against 
third-party  legal  claims  at  all — leaving  companies  with  the  risk  of 
high  cost  litigation." 

-Laura  DiDio 
Senior  Analyst,  The  Yankee  Group 


When  evaluating  Linux  and  Windows®,  the  Yankee  Group,  a  global  research 
and  consulting  firm,  recommends  that  you  assess  your  company's  exposure 
to  the  cost  of  intellectual  property  disputes.  That's  because  companies  can  be 
sued  for  using  software  that  infringes  intellectual  property  owned  by  third 
parties.  Microsoft  offers  a  strong  indemnity  that  helps  protect  users  of  its 
flagship  products  from  legal  costs  associated  with  intellectual  property 
disputes.  In  comparison,  leading  Linux  vendors  offer  limited  or  no  indemnity. 
For  details  about  Microsoft's  indemnity,  visit  microsoft.com/indemnification 


To  see  a  video  interview  with  Yankee  Group  Senior  Analyst  Laura  DiDio  and 
for  other  third-party  findings,  visit  microsoft.com/getthefacts 


Windows 
Server  System 


©  2004  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  Windows,  the  Windows  logo,  and  Windows  Server  System  are  either  registered  trademarks  or  trademarks 
of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  trademarks  of  their  respective  owners. 


PHOTO  BY  ASA  MATHAT 


Susan  Cramm  executive  coach 


differentiating  capabilities  while  lowering  the  costs  of  two  dis¬ 
tinct  types  of  processes:  customer-facing  and  non-customer- 
facing  (my  source  for  this  model  is  a  white  paper  by  Booz  Allen 
Hamilton,  “A  New  Take  on  Business  Process  Redesign”). 

Customer-facing  processes  include  everything  needed  to 
develop  and  sell  products  and  services:  Understanding  markets 
and  customers:  designing  products  and  services;  and  market¬ 
ing,  selling  and  managing  customer  relationships.  The  cus¬ 
tomer-facing  processes  provide  the  key  source  for  competitive 
advantage  for  internal  IT  organizations  versus  external  vendors. 
Applying  tailored  approaches  is  fundamental  to  IT’s  long-term 
viability  and  success. 

IT  organizations  typically  do  not  realize  a  competitive  advan¬ 
tage  from  most  of  the  non-customer-facing  processes,  which 
include  fulfilling  demand  for  products  and  services;  monitor¬ 
ing  performance;  and  managing  the  financial,  technical  and 
human  resources.  Whereas  the  enterprise  will  pay  a  cost  pre¬ 
mium  for  custom-tailored  customer-facing  processes,  it  wants 
commodity  prices  for  the  non-customer-facing  processes.  To  the 
extent  that  CIOs  want  to  keep  non-customer-facing  processes 
largely  in-house,  they  must  be  able  to  optimize  internal 
processes  to  keep  them  competitive  in  cost  and  service  with 
external  providers. 

Your  emphasis  as  a  CIO  should  be  on  creating  relationships 
with  your  customers  so  that  you  understand  their  business,  their 
challenges,  their  data  and  processes.  You  should  be  defining 
and  delivering  solutions  based  on  an  underlying  unified  infra¬ 
structure  platform  that  supports  the  unique  aspects  of  the  enter¬ 
prise’s  customer-facing  processes  at  the  lowest  possible  cost. 

Outsourcing  and  packages  are  not  the  issue.  If,  in  the  process 
of  delivering  against  your  customer-facing  processes,  you 
decide  you  need  to  outsource  some  or  all  of  your  non-customer¬ 
facing  processes,  so  be  it.  For  many  companies,  outsourcing  is 
a  viable  solution  to  address  the  challenges  of  small-scale,  head- 
count  constraints  and  legacy  IT  capabilities.  Likewise,  packaged 
solutions  make  sense  if  they  allow  your  organization  to  oper¬ 
ate  its  non-customer-facing  activities  in  a  cost-efficient  manner. 

Rather  than  asking  “What’s  left?”  CIOs  should  be  considering 
how  they  can  lead  the  customization  and  tailoring  of  IT’s  cus¬ 
tomer-facing  capabilities,  while  at  the  same  time  simplifying  and 
standardizing  activities  in  which  IT  gains  no  competitive  advan¬ 
tage.  According  to  Booz  Allen  Hamilton,  “internal  service  providers 
need  to  define  their  core  processes  from  the  customer  back  and 
redesign  them  using  measurable  business  value  as  the  metric.” 

As  the  IT  profession  grows  up  to  address  this  very  important 
challenge,  you  can  emulate  those  CIOs  who  are  mature  enough 
to  see  the  many  opportunities  for  IT  as  a  cup 
that  is  half  full  rather  than  half  empty.  BE] 


Susan  Cramm  is  founder  and  president  of  Valuedance, 
an  executive  coaching  firm  in  San  Clemente,  Calif.  You 
can  e-mail  feedback  to  susan@valuedance.com. 


Reader  Q&A 

Q:  There  never  were  any  halcyon  days  for  IT,  but  in  my  com¬ 
pany,  the  situation  has  definitely  gotten  worse.  Our  CFO  is 
driving  the  outsourcing  move.  He  is  not  interested  in  cost  sav¬ 
ings  down  the  road.  He  sees  the  bottom  line  on  the  contracts, 
and  that’s  his  metric  for  which  outsourcer  to  go  with.  I  report 
to  this  guy.  How  can  I  make  the  case  that  some  of  the  things 
he’s  letting  go  of  are  customer-facing  processes? 

A:  CIOs  have  too  often  played  defense  rather  than  offense 
when  it  comes  to  outsourcing.  Consider  a  case  study  of  two 
CIOs,  one  a  predecessor  to  the  other.  The  former  fought  the 
outsourcing  move  initiated  by  the  powers  that  be.  The  current 
CIO  instead  volunteered  to  work  on  the  outsourcing  effort.  He 
started  by  putting  together  an  amazing  strategy  pitch  that 
revealed  the  unique  demands  of  the  business,  all  the  existing 
and  planned  internal  activities  that  were  driving  value,  and 
what  would  be  traded  off  with  a  move  to  outsourcing.  His 
coup  de  grace  was  getting  the  senior  group  to  articulate  the 
outcomes  they  expected  from  outsourcing  and  committing  to 
deliver  those  results.  If  you  want  outsourcing  to  go  your  way 
rather  than  theirs,  adopt  it  and  love  it  to  death. 


Q:  How  should  CIOs  go  about  determining  which  processes 
are  customer-facing?  I  think  it’s  going  to  vary  from  company 
to  company.  The  help  desk  is  the  first  thing  you  think  of  when 
outsourcing,  but  I  know  of  companies  that  keep  that  in-house 
because  it’s  their  number-one  customer-facing  process. 

A:  It  is  preferable  to  source  everything  internally  as  long  as  the 
IT  organization  can  do  three  things:  1.  hire  the  best  and  bright¬ 
est;  2.  leverage  economies  of  scale;  and  3.  predict  capacity 
needs.  CIOs  who  don’t  live  in  that  rarified  air  must  make  hard 

choices  about  how  to 
use  the  outside  world 
to  deliver  customized 
solutions,  access  the 
best  technical  skills, 
operate  cost-effectively, 

and  deal  with  changing  business  needs  and  IT  demand. 

IT  professionals  who  interact  directly  with  the  business 
partners  should  be  considered  customer-facing  since  they  cre¬ 
ate  important  impressions.  Unfortunately,  given  the  three 
challenges  I  listed,  it’s  almost  impossible  to  source  all  of  these 
people  internally.  Some  type  of  quasi-outsourcing  solution  is 
usually  necessary.  For  example,  in  my  restaurant  days,  my 
24/7  help  desk  was  too  large  to  staff  internally.  (I  could  not  hire 
the  best  because  I  couldn’t  provide  all  of  them  with  career 
paths.)  So  I  worked  out  a  deal  with  a  consultancy  to  give  me 
their  new  college  hires  for  18  months,  and  I  filled  all  super¬ 
visory  and  leadership  roles  with  my  permanent  employees. 

-S.C. 


Have  a  Leadership  Question? 


For  more  reader  questions  and  answers 
from  Susan  Cramm,  go  online  to 
www.cio.com/leadership/executive 
coach.html.  CIO.COITI 


3  0 


FEBRUARY  1,  2005  |  www.cio.com 


Managing  some  of  the  parts  or 
the  sum  of  the  parts? 


holistic:  // 

(whole-is'tic) 

the  importance  of 
the  whole  and 
interdependence 
of  its  parts. 


Maximize  IT  value  with  holistic  IT  management  and  governance 

IT  is  a  complex  business  within  a  business:  a  set  of  interdependent,  business-critical  functions  that 
your  organization  relies  on  to  succeed.  Effective  governance  requires  seamless  control  and  a  clear 
understanding  of  how  these  parts  work  together.  Compuware  IT  Governance  by  Changepoint  gives 
you  the  power  to  manage  IT  as  an  integrated  whole  and  maximize  the  value  of  every  project,  application 
and  infrastructure  investment. 


Awarded  “Best  Solution”  by  attendees  at  the 

Gartner  Project  and  Portfolio  Management  2004  Conference 


Visit  our  Governance  Resource  Center  at 

www.compuware.com/holistic 

for  expert  views  on  IT  Governance 


www.compuware.com 


Reality  Bites  A  COLD  LOOK  AT  HOT  TRENDS 


! 


; 


CIO,  How  Does  Your 
Garden  Grow? 

CIOs  who  have  been  asked  to  do  more  with  less  have  been  asking  their  staffs  to  do 
a  lot  more.  They  came  through  for  you;  now  what  are  you  going  to  do  for  them? 

BY  MEGAN  SANTOSUS 


Outsourcing.  Layoffs.  Budget  cuts.  Ho-hum  projects. 

If  that  sounds  like  a  description  of  your  IT  depart¬ 
ment,  chances  are  you  have  a  morale  problem. 
And  you’re  not  alone.  “CIOs  have  to  recognize  thai 
IT  worker  morale  is  at  its  lowest  in  decades,”  says  Paul  Glen, 
author  of  Leading  Geeks:  How  to  Manage  and  Lead  the  People 
Who  Deliver  Technology. 

With  low  morale  as  ubiquitous  and  insidious  as  spam,  rec¬ 
ognizing  that  the  problem  exists  is  the  first,  necessary  step 
toward  correcting  it.  As  Glen  points  out,  when  the  going  gets 
tough,  far  too  many  executives  tend  to  hide  in  their  offices, 
crossing  their  fingers  and  hoping  that  any  problem  related  to 
soft  and  squishy  issues  such  as  their  employees’  “feelings”  will 
somehow  fix  itself— maybe  when  the  economy  improves; 
maybe  when  the  snows  melt.  Aiding  and  abetting  those  exec¬ 
utives  in  dodging  the  problem  has  been  a  dismal  job  market 
that  has  in  effect  prevented  those  disaffected  employees  from 
departing  for  greener  fields.  Of  late,  all  the  IT  fields  they  see 
around  them  have  been  uniformly  brown.  So,  with  employees 
unhappily  stuck,  it’s  been  relatively  easy  for  CIOs  to  glumly 
contemplate  their  own  navels  and  ignore  morale  issues 
because  they  haven’t  translated  into  turnover,  or  anything 
else  tangible. 

Well,  it’s  time  to  lift  up  your  head,  fling  open  those  office 
doors  and  take  a  look  around.  The  job  market  is  about  to 
improve.  Eleven  percent  of  CIOs  plan  to  hire  IT  staff  this  year, 
according  to  the  Robert  Half  Technology  Report.  While  a  mod¬ 
est  gain,  that  represents  a  6  percent  improvement  over  last 
year’s  hiring  projections.  (See  “IT  Hiring  Perks  Up,”  Page  19.) 


3  2 


FEBRUARY  1,  2005  |  www.cio.com 


LLUSTRATION  BY  ALEX  NABAUM 


We’re  inspired  by  the  human  side  of  data.  Data  security  is  more  than  keeping  1  ’s  and  0’s  safe.  To 
him,  it  provides  the  confidence  and  stability  required  to  run  a  global  enterprise,  and  still 
get  a  good  night’s  sleep.  That’s  why  half  of  the  FORTUNE  100  use  Hitachi  storage  technologies 
to  protect  their  data,  and  their  peace  of  mind.  From  the  smallest  Microdrive®  to  the  largest 
SAN  solution,  Data  Storage  from  Hitachi. 


HITACHI 

Inspire  the  Next: 


hitachiyourdata.com 


FORTUNE  is  a  registered  trademark  of  the  FORTUNE i 


Reality  Bites  A  COLD  LOOK  AT  HOT  TRENDS 


If  the  fields  around  yours  start  to  green  up,  doing  nothing 
about  the  morale  crisis  will  damage  your  IT  department  on 
two  fronts.  Employees  with  in-demand  skills  will  flock  to  the 
exits,  and  few  prospects  will  be  knocking  down  your  doors  to 
replace  them  because  poor  morale  is  like  poison:  It  often  leaves 
a  residue  that  people  can  smell. 

Improving  morale  is  also  an  issue  that  goes  beyond  mere 
body  counts  and  retention  statistics.  The  charge  to  do  more 
with  less  that  the  business  has  laid  on  IT  these  past  few  years 
has  placed  a  moral  obligation  on  the  shoulders  of  CIOs  who 
have  asked  their  staffs  to  carry  the  load.  Making  sure  that  the 
(extra)  time  they  spend  at  work  is  productive  and,  yes,  happy, 
is  simply  the  right  thing  to  do.  Raising  morale,  in  other  words, 
is  a  moral  imperative. 

Tend  to  Your  Garden 

Where  to  start?  First  admit  that  you’re  operating  within  limits. 
Instead  of  concentrating  on  individuals,  says  Glen,  CIOs  need 
to  focus  on  creating  an  environment  where  motivation  can 
flourish.  To  borrow  an  analogy  from  gardening,  think  of 
employee  morale  in  terms  of  improving  the  soil  rather  than 
fertilizing  individual  plants. 

CIOs  can  start  creating  that  good,  friable  soil  by  coming  out 
of  hiding  and  finding  out  what  ails  their  staff. 

While  there’s  no  cookie-cutter  approach  to  plumbing  the 
depths  of  your  IT  staff’s  despair,  certain  practices  work  bet¬ 
ter  than  others.  For  example,  employee  surveys  are  a  stan¬ 
dard  method  of  gleaning  employee  feelings,  but  Glen 
cautions  they  may  be  of  limited  utility.  “Surveys  give  you 
some  information  about  precise  questions,  but  the  answers 
can  be  misleading,”  he  says.  Employees  may  fear  repercus¬ 
sions  if  they  answer  truthfully,  and  some  pressing  issues 
(such  as  hiring  outsiders  for  all  the  new,  cool  projects)  won’t 
be  uncovered  at  all  if  there  aren’t  specific  questions  designed 
to  ferret  them  out. 

The  best  approach,  says  Glen,  is  simple.  It’s  called  listening. 
Sure,  everyone  knows  that  listening  to  employees,  customers 
and  family  members  is  a  good  thing,  yet  it’s  a  practice  that 

gets  short  shrift  because  it  requires 
everyone’s  most  precious  commod¬ 
ity  these  days:  time.  To  tune  in  to 
their  employees,  CIOs  need  to  lis¬ 
ten  to  both  their  staff  and  to  trusted 
advisers  who  have  the  gumption  to 
tell  CIOs  the  truth  about  what’s 
going  on  in  the  department,  whether 
it’s  good,  bad  or  ugly.  In  essence, 
says  Glen,  CIOs  need  to  work  harder 
at  developing  their  own  internal  net¬ 
work  of  people  who  can  serve  as  the 
CIO’s  eyes  and  ears.  While  there’s  a 
danger  that  such  folks  may  be 

3  4  FEBRUARY  1,  2005  |  www.cio.com 


That  large  sucking  sound  you're 
starting  to  hear  is  the  competition 
raiding  your  staff.  With  employees 
unhappily  stuck,  it’s  been  relatively 
easy  for  CIOs  to  ignore  morale 
issues.  But  the  job  market  is  about 
to  improve— will  your  staff  stay 
with  you  when  it  does?  How  have 
you  helped  lift  morale  and  keep 
your  best  and  brightest?  Share 
what's  worked  for  you  in  the  ADD 
A  COMMENT  box  at  the  end  of  this 
article  online. 

cio.com 


CIOs  who  think  they  can 
improve  any  employee's 
personal  outlook  by  cla 
him  on  the  back,  giving 
a  high-five,  a  motivational 
speech  or  even  slipping  a 
little  extra  something  into  his 
pay  envelope  are  misguided. 

viewed  as  informers,  CIOs  can  quell  those  fears  if  they  focus 
on  the  big  picture  and  don’t  act  on  any  petty  information  that 
comes  their  way. 

CIOs  should  also  attempt  to  forge  relationships  with  IT 
workers  at  every  level.  “Everyone  hears  what’s  going  on  around 
the  water  cooler  except  the  person  in  the  corner  office,”  Glen 
says.  For  that  reason,  CIOs  have  to  make  a  concerted  and  sus¬ 
tained  effort  to  know  people  throughout  the  IT  ranks.  CIOs 
can  do  something  formal,  like  taking  a  randomly  selected  group 
of  employees  to  lunch  once  a  month  and  asking  them  ques¬ 
tions,  or  something  spontaneous  like  walking  around  and 
inquiring  about  current  projects.  Ideally,  says  Glen,  CIOs  should 
do  both. 

What  About  Your  Morale? 

By  listening  to  the  concerns  of  the  IT  staff,  CIOs  send  a  strong 
signal  to  their  employees  that  they  care  about  them.  Another 
strategy  for  sending  this  message  is  to  help  people  put  what 
they  do  in  a  larger  context.  Let’s  face  it:  For  many  IT  workers 
slogging  away  on  tactical  or  maintenance  kinds  of  projects, 
who  haven’t  seen  a  promotion  since  1999  and  wouldn’t  rec¬ 
ognize  a  pay  raise  if  it  slapped  them  in  the  face,  work  itself 
may  not  be  terribly  inspiring.  “A  leader’s  job  in  creating  an 
environment  in  which  motivation  thrives  involves  helping 
employees  make  sense  of  the  work  they  do  and  the  contribu¬ 
tion  they  make  to  the  organization,”  Glen  says.  Sure,  debug¬ 
ging  that  database  is  a  tad  repetitive,  but  a  well-oiled 
application  saved  the  company  $125,000  last  quarter  and 
enabled  customers  to  spend  less  time  on  the  help  line.  That’s 
the  kind  of  context  that  can  transform  drudgery  into  pur¬ 
pose.  Right  now,  most  CIOs  don’t  provide  their  employees 
with  enough  of  it. 

CIOs  themselves  frequently  suffer  from  low  morale.  But 
it’s  your  job  not  to  let  your  morale  affect  the  morale  of  your 
employees.  And  by  creating  a  better  environment  for  the  peo¬ 
ple  who  work  for  you,  you  may  find  that  your 
own  environment— and  your  morale— will 
improve  as  well.  BE! 


Senior  Editor  Megan  Santosus’s  morale  is  steadily 
improving.  She  can  be  reached  at  santosus@cio.com. 


PHOTO  BY  LESLIE  FEAGLEY 


Oracle  Customer  Data  Hub 


All  Your  Customer  Data 

In  One  Place 


Legacy 


All  your  applications  can  share  high  quality 
consistent  customer  data  in  real  time. 


oracle.com/datahub 
or  call  1.800.633.0940 


Copyright  ©  2004,  Oracle.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates. 


Introducingthe 

Leadership 

Agenda 


Your  Strategic  Imperatives 
for  High-Impact  IT 


36 


FEBRUARY  1,  2005  |  www.cio.com 


What  will  it  take  for  CIOs  to 
succeed  in  2005? 

What  it  takes  every  year:  leadership.  But  CIOs 
must  pick  their  battles  and  align  their  leadership 
to  confront  the  key  forces  they  face  today:  contin¬ 
ued  budget  pressure,  growing  business  demand 
for  innovation  and  competitive  differentiation,  and 
increasing  outside  competition  for  the  delivery  of 
IT  services.  Drawing  on  continuous  research  with 
hundreds  of  IT  executives  and  other  business 
leaders  and  experts,  C/O’ s  editors  have  identified 
the  five  must-dos  that  make  up  the  successful 
CIO’s  new  leadership  agenda.  CIOs  who  marshal 
their  efforts  behind  these  imperatives  will  get  the 
most  value  from  IT,  help  their  enterprises  compete 
more  successfully  and  elevate  the  strategic  impor¬ 
tance  of  IT. 

CIO  will  address  each  of  these  leadership  priori¬ 
ties  repeatedly  during  2005,  not  just  within  our 
pages  but  through  the  most  robust  multimedia 
content  portfolio  we’ve  ever  assembled  for  a  single 
topic  (see  box).  On  the  following  pages,  the  inaugu¬ 
ral  Leadership  Agenda 
article,  “Flex  Time,” 
answers  what  is  perhaps 
the  biggest  question  for 
CIOs  in  2005:  How  can 
you  drive  growth  and 
innovation  and  simulta¬ 
neously  cut  costs?  Read 
on  to  begin  fulfilling 
your  leadership  agenda 
for  high-impact  IT. 


THE 

Leadership 

Agenda 

PORTFOLIO 

More  than  a  dozen 
CIO  feature  articles 

Five  topic-specific 
webcasts 


Edward  Prewitt, 
CIO  Leadership  and 
Management  Editor 


A  live  CIO  event  in 
Boston,  May  9-10 

Dedicated  website— 
http://agenda.cio.com 

Leadership  tools  and 
models 

Article  archives 


THE  FIVE  LEADERSHIP 
IMPERATIVES  FOR  2005 

1  Drive  Innovation 
.  and  Growth  While 
Managing  Costs 

These  apparently  conflicting  demands 
must  be  reconciled  and  managed  for 
companies  to  push  forward  with  their 
business  goals  in  2005. 


2 


Prove  the  Strategic 
Value  of  IT 


The  strategic  business  contributions  of  IT 
must  be  identified,  tracked  and,  most 
important,  articulated  effectively  to  all 
stakeholders. 


3 


Run  IT  Efficiently 
and  Effectively 

The  IT  function  must  be  run  like  a  busi¬ 
ness— with  fiscal  discipline  and  accounta¬ 
bility,  a  responsive  customer  service 
mind-set  and  a  commitment  to  flawless 
operations. 


4 


Develop  the 
.  Next  Generation  of 
IT  Leaders 


The  CIO  can’t  go  it  alone;  senior  IT  people 
must  learn  to  think  like  business  leaders, 
build  productive  relationships  with  cus¬ 
tomers  and  partners,  and  prepare  for  the 
mantle  of  the  CIO. 


5 


Manage  CXO 
Expectations 


Unknown,  unclear  and  unrealistic  expecta¬ 
tions  of  IT  on  the  part  of  the  business  cannot 
stand.  CIOs  must  shape— and  align  with— 
expectations  of  the  executive  committee. 


www.cio.com  |  FEBRUARY  1,  2005 


37 


BY  SUSANNAH  PATTON 


( 

j 

} 


Reader  ROI 

::  Howto  reconcile  cost  constraints 
with  the  need  to  innovate 

::  How  CIOs  have  shifted  IT  funds 
from  fixed  to  flexible  expenditures 

::  Howto  prevent  CFOs  from 
reallocating  all  of  IT’s  freed-up 
funds 


Catherine  Brune,  senior  vice  president  and  CTO 
at  insurance  giant  Allstate,  business  volatility  is  a  way  of  life.  So  when 
four  hurricanes  slammed  the  state  of  Florida  within  two  months  last 
year,  Brune  was  prepared.  A  catastrophe  claim  center  with  several 
hundred  desks  was  up  and  running  in  Orlando  in  less  than  72 
hours,  and  wireless-enabled  satellite  vans  were  dispatched  to  meet 
Allstate  customers  as  each  storm  hit  shore.  As  other  hurricanes  tore 
through  the  center  of  the  state,  that  claim  center  had  to  be  evacu¬ 
ated  and  then  moved  back  in  a  period  of  days.  IT  leaders  quickly 
came  up  with  hundreds  of  thousands  of  dollars  to  set  up  a  tempo¬ 
rary  center,  move  desktops  and  assure  connectivity.  “Sudden  dis¬ 
aster  demands  flexibility,"  says  Brune.  “To  be  responsive,  we  need 


38 


FEBRUARY  1,  2005  |  www.cio.com 


PHOTO  BY  JEFF  SCIORTINO 


Catherine  Brune/  Senior  vp  and  CT0,  Allstate 


To  improve  IT's  agility,  Brune  has  made  it  her  mission  to 
expand  the  flexible  portion  of  her  $1.2B  IT  budget,  from  25% 
in  2002  to  50%  today  (and  more  to  come).  "You  run  a  better 
business  when  you  have  more  of  your  dollars  going  toward 
flexible  or  strategic  initiatives,"  she  says. 


Cover  Story  |  Budgeting 


to  move  quickly  and  invest  in  new  tech¬ 
nologies.  And  we  need  an  IT  budget  that 
allows  us  to  change  directions  on  a  dime.” 

To  help  Allstate  respond  effectively  to  nat¬ 
ural  disasters  and  other  unpredictable 
changes  in  the  business,  Brune  has  pushed 
to  expand  the  portion  of  the  company’s 
$1.2  billion  IT  budget  that  is  flexible  or  dis¬ 
cretionary.  IT  flexibility  allows  her  to  respond 
more  easily  to  business  units’  needs  and 
invest  in  technologies  they  ask  for.  To  im¬ 
prove  IT’s  agility,  Brune,  who  started  her 
career  at  Allstate  28  years  ago  in  operations, 
has  made  it  her  mission  to  cut  fixed  costs  and 
reallocate  at  least  some  of  those  savings  to 
strategic  projects.  When  she  took  over  as 
CTO  two  years  ago,  fixed  costs,  which  she 
describes  as  anything  that  “keeps  the  lights  on 
and  requires  people  and  monitoring,”  made 
up  75  percent  of  the  total  IT  budget.  Today, 
that  amount  has  fallen  to  50  percent  and 
could  drop  even  further  as  Brune  continues 
to  find  redundant  systems  and  trim  fixed 
costs.  The  added  budget  flexibility  allows  her 
to  invest  in  new  technologies  and  respond 
more  easily  to  changing  business  needs. 

IT  executives  today  are  caught  between 
the  opposing  forces  of  cost  constraints  and 
pressure  to  innovate.  One  key  to  reconciling 
those  forces  is  to  shift  the  ratio  between 


_ Cost  Agility  Benchmarks 

Honorees  of  the  2004  CIO  100  Award, 
recognized  for  their  agility,  reported 
these  fixed-versus-flexible  cost  ratios 
for  these  areas  of  their  IT  budget.  (See 
our  Aug.  15  issue  or  CI0.com  for  more 
on  these  companies.) 

Overall  IT  costs 

IT  staffing 
Software 
Hardware 
Networking 
Telecommunications 
Overhead 
Other 

Note:  Some  percentages  do  not  add  to  100%  due  to  incomplete  answers. 


Fixed  Flexible 


fixed  and  flexible  IT  costs.  CIOs  in  many 
industries  are  trimming  fixed  expenses,  such 
as  personnel  costs,  mainframe  expenses, 
hardware  and  software  maintenance,  and 
equipment  leases,  to  free  up  more  money  for 
strategic  projects  and  investments  in  new 
technologies.  In  doing  so,  they  are  eschew¬ 
ing  the  easy  route;  an  IT  budget  filled  with 
fixed  costs  means  the  organization  will  be 
more  predictable  and  easier  to  run.  But  they 
are  also  benefiting  from  freedom  from  long¬ 
term  leases  and  suffocating  maintenance 
costs  as  they  invest  in  technologies  that  can 
spur  growth  and  competitive  advantage.  “If 
you’re  not  spending  a  third  of  your  IT 
budget  in  some  discretionary  way,  you  are 
missing  the  strategic  opportunities  to  lever¬ 
age  IT,”  says  Steve  Andriole,  senior  con¬ 
sultant  at  Cutter  Consortium’s  business-IT 
strategies  practice. 

Changing  your  cost  structure  to  create 
greater  flexibility  is  the  best  way  to  keep  IT 
front  and  center  in  business  strategy  while 
adhering  to  the  imperative  of  lower  costs.  Just 
ask  Rudi  Huber,  CIO  and  vice  president  for 
global  business  services  of  aluminum  giant 
Alcoa,  who  has  cut  overall  IT  costs  by  30  per¬ 
cent  in  the  past  few  years  but  has  also  man¬ 
aged  to  move  forward  with  a  multiyear, 
multimillion-dollar  ERP  implementation  that 
will  replace  aging  financial,  pro¬ 
curement,  commercial  and  manu¬ 
facturing  systems.  During  this 
period  of  belt-tightening  at  Alcoa, 
Huber  has  gone  from  a  70-30  ratio 
of  fixed  to  variable  costs  to  about  a 
50-50  level.  “With  more  flexibility 
we  have  been  able  to  make  the 
investments  we  need  to  remain  com¬ 
petitive,”  Huber  says. 

But  with  the  rewards  also  come 
greater  risks.  Savings  from  reduced 
fixed  costs  might  be  gobbled  up  by 
the  CFO  to  pad  the  bottom  line, 
rather  than  being  kept  in  the  IT 
budget  in  readiness  for  new  invest¬ 
ments  or  unexpected  opportunities 
or  needs.  In  addition,  CIOs  with 
larger  amounts  of  variable  spending 
face  increased  pressure  to  deliver 
business  value  on  new  and  untried 
projects.  “The  biggest  risk  is  that  you 
won’t  deliver  on  a  project,”  Brune 
says.  “You  run  a  better  business 


when  you  have  more  of  your  dollars  going 
toward  flexible  or  strategic  initiatives,  but  it’s 
a  lot  harder  to  do.” 

HOW  TO  FIND  YOUR  BALANCE 

There  is  no  optimal  level  for  fixed  versus  flex¬ 
ible  costs  across  all  industries.  A  survey  of 
our  2004  CIO  100  honorees,  recognized  for 
their  agility  across  many  aspects  of  IT  and 
the  enterprise  (for  more  of  this  survey,  see  the 
Agile  100  issue  at  www.cio.com/printlinks), 
revealed  they  averaged  a  relatively  high 
level— 33  percent— of  flexible  costs  in  their 
total  IT  budgets.  But  the  maximum  flexible 
portion  can  vary  widely,  from  a  dramatic  90 
percent  in  a  company  that  had  to  downsize 
quickly  and  radically,  to  20  percent  at  a  uni¬ 
versity  where  the  culture  demands  slower  and 
more  measured  change  in  IT  investments. 

To  determine  the  best  mix  of  fixed  and 
variable  costs  in  an  IT  budget,  CIOs  should 
begin  by  assessing  their  companies’  eco¬ 
nomic  models,  says  CD  Hobbs,  president  and 
COO  at  Meta  Group.  “You  can’t  simply  opt 
for  a  high  variable  cost  posture  and  say  it’s 
good.  Variable  for  the  sake  of  variable  can  be 
very  dangerous,”  he  says.  For  example,  com¬ 
panies  in  industries  such  as  airlines,  oil  and 
financial  services,  where  demand  for  IT  serv¬ 
ices  is  volatile,  should  have  higher  variable 
IT  costs  than  companies  that  foresee  stable 
short-run  markets. 

Hobbs  also  warns  that  CIOs  in  search  of 
flexibility  should  beware  of  more  expensive 
short-term  contracts.  His  analogy:  “If  you 
think  interest  rates  are  going  to  rise,  you  lock 
your  mortgage  in  for  30  years,”  he  says.  The 
new  trend  in  on-demand  subscription  types 
of  software  contracts  offers  a  prime  example 
of  short-term  risk.  The  on-demand  model  is 
appealing  because  CIOs  can  buy  services  in 
small  amounts  as  demand  scales  upward. 
However,  if  demand  exceeds  the  forecast, 
CIOs  might  face  a  surfeit  of  expensive  short¬ 
term  contracts.  “In  an  expanding  market, 
there  might  be  more  tears  than  cheers,” 
Hobbs  says. 

With  these  cautions  in  mind,  CIOs  look¬ 
ing  to  increase  their  variable  spending  need 
to  work  closely  with  their  CEOs  and  busi¬ 
ness  unit  leaders  to  accurately  balance  IT 
resources  with  internal  demand.  “For  the 
CIO  to  do  a  good  job  with  this  balance,  he  or 
she  has  to  be  an  intimate  player  in  the  strat- 


40 


FEBRUARY  1,  2005  |  www.cio.com 


PHOTO  BY  ROGER  BALL 


Small,  Fast 


Budget  flexibility  can  help  CIOs  maintain 
IT  service  levels  in  hard  times 


FOR  CIOS  AT  SMALL  AND  MIDSIZE  BUSINESSES, 

boosting  cost  flexibility  can  be  much  more  straightfor¬ 
ward  than  for  their  counterparts  at  large  companies. 
Greg  Meyer,  CTO  at  startup  iJet  Travel  Risk  Manage¬ 
ment,  which  brought  in  an  estimated  $6.5  million  in 
revenue  in  2004,  says  he  has  a  far  easier  time  getting 
consensus  from  colleagues  to  change  his  spending 
plans  than  he  did  when  he  was  CIO  of  a  larger  IT  serv¬ 
ices  company.  At  large  companies,  he  says,  the  long¬ 
term  IT  projects  that  cost  tens  of  millions  of  dollars  gain 
a  life  of  their  own;  it’s  hard  to  stop  those  projects,  even 
if  they’re  clearly  headed  forfailure.  In  a  smaller  organi¬ 
zation,  everyone  at  the  senior  level  has  a  relationship 
with  the  board,  which  ultimately  controls  expenditures. 
“You  can  turn  on  a  dime  a  lot  more  easily  if  everyone  in 
the  organization  is  helping  you  turn,”  Meyer  says. 

Chris  France,  CIO  at  Little  Diversified  Architectural 
Consulting,  which  reports  annual  revenue  of  $40  mil¬ 
lion  for  2003,  credits  his  90  percent  flexible  posture  to 
the  close  contact  he  maintains  with  other  top  execu¬ 
tives  and  the  reputation  he  has  built  for  being  tough  on 
IT  spending.  France  admits  that  his  case  is  extreme  and 
probably  wouldn't  work  for  everyone,  however.  For  one 
thing,  paying  cash  and  avoiding  financing  for  hardware 
prevents  him  from  investing  that  money  and  could 
have  negative  tax  implications  for  larger  companies. 

But  his  experience  with  downsizing  has  taught 
him  some  helpful  lessons  that  he  says  could  apply  to 
larger  IT  shops.  Radically  increasing  his  cost  flexibility 
allowed  him  to  maintain  IT  services  in  drastic  times. 
“For  any  company,  it  can  be  helpful  to  imagine  what  you 
would  do  if  your  revenue  was  cut  in  half,”  France  says. 

“I  was  taken  by  surprise  by  the  sudden  volatility  in  this 
industry.  We  are  all  vulnerable  to  some  extent.”  -S.P. 


After  deep,  painful  cost  cuts  in  2001,  France  has  sought  to  eliminate 
fixed  costs,  lowering  the  proportion  from  40%  in  '01  to  10%  today. 
“When  we  were  faced  with  a  drastic  drop  in  our  revenue,  we  found  out 
how  inflexible  our  infrastructure  and  contracts  were,”  he  says. 

His  goal:  zero  fixed  costs  by  the  middle  of  this  year. 


www.cio.com  |  FEBRUARY  1,  2005 


41 


Cover  Story  |  Budgeting 


When  You  Need  to 
Get  Flexible 


Three  signs  that  you  should  increase 
your  variable  spending 

1YOUR  INDUSTRY  IS  UNDERGOING  RAPID  OR 
DRAMATIC  CHANGE.  If  you’re  in  the  airline  busi¬ 
ness,  financial  services  or  any  other  industry  facing 
transformation,  flexibility  is  crucial. 

2  YOUR  FIXED  COSTS  ARE  CREEPING  HIGHER 
EVERY  YEAR.  The  more  complex  your  systems 
become,  the  larger  your  fixed  costs  and  the  harder  it 
becomes  to  react  to  business  changes.  It’s  time  to 
excise  old  systems  and  trim  maintenance  costs. 

3  YOU’RE  FALLING  BEHIND  YOUR  PEERS  IN 
INNOVATION.  Even  in  industries  that  encourage 
stability  and  high  fixed  costs,  such  as  utilities  and  uni¬ 
versities,  you  need  to  keep  abreast  of  newer  technolo¬ 
gies  that  will  help  keep  your  organization  competitive 
in  the  long  run.  -S.P. 


egy  formation  and  modification  process,” 
Hobbs  says. 

At  Hewlett-Packard,  top  IT  executives  col¬ 
laborated  with  business  units  to  reduce  fixed 
costs  and  create  flexibility  after  the  merger 
with  Compaq  in  May  2002.  Prior  to  the 
merger,  HP  had  23  percent  of  its  IT  dollars 
earmarked  for  innovation,  with  the  rest  of 
the  budget  tied  up  in  maintaining  25,000 
servers,  7,000  applications  and  300  data  cen¬ 
ters.  “We  were  overly  complicated,  and  our 
fixed  costs  were  very  large,”  says  John  Buda, 
HP’s  vice  president  for  strategy  and  planning 
for  global  operations  and  IT.  Buda  and  his 
boss,  CIO-to-be  Gilles  Bouchard,  appointed  a 
select  group  of  IT  staffers  to  handle  the  com¬ 
plex  and  politically  sensitive  process  of  decid¬ 
ing  which  resources  were  redundant  and 
unnecessary.  For  example,  the  group  worked 
closely  with  the  human  resources  depart¬ 
ment  to  ascertain  that  the  multiple  systems  it 
was  using  could  be  reduced  to  a  single  ver¬ 
sion  of  PeopleSoft  and  a  single  database.  Ulti¬ 
mately,  servers  across  the  merged  company 
were  cut  to  19,000,  applications  to  4,000  and 
data  centers  to  85,  with  substantial  further 
reductions  expected.  HP’s  cost  flexibility  has 
risen  to  34  percent  of  the  $2.8  billion  IT 
budget,  with  a  goal  of  50  percent,  Buda  says. 

Stephen  Fugale,  CIO  at  Villanova  Univer¬ 
sity,  focused  on  the  organization’s  appetite 
for  innovation  to  make  the  case  for  greater 
cost  flexibility.  When  he  arrived  at  the  uni¬ 
versity  three  years  ago,  close  to  90  percent  of 
the  $12.7  million  IT  budget 
was  locked  into  fixed  costs 
such  as  hardware  mainte¬ 
nance,  servers,  software 
licenses  and  overall  infra¬ 
structure.  Universities,  he 
says,  often  have  a  high  level 
of  fixed  costs  because  stan¬ 
dardization  has  lagged  be¬ 
hind  the  corporate  world. 

He  analyzed  his  IT  budget, 
which  he  says  appeared  to 
have  been  put  together  in 
the  past  without  much 
planning,  and  broke  it 
down  into  fixed  and  vari¬ 
able  areas  to  see  where  he 
could  find  savings.  Fugale 
huddled  with  university 
administrators  to  deter¬ 


mine  where  fixed  costs  could  be 
reduced  and  where  there  was  a 
need  for  strategically  oriented 
projects.  He  also  compared  his 
ratio  to  other  universities’. 

Over  the  past  three  years,  he 
has  been  able  to  free  up  a  small 
amount  of  those  fixed  costs  by 
standardizing  hardware  and  soft¬ 
ware  platforms  and  finding  some 
economies  of  scale  in  merging 
student  and  faculty  hardware 
and  support  services.  Fugale  says 
20  percent  of  his  budget  is  now 
in  the  variable  category,  which 
has  allowed  him  to  move  forward 
with  an  investment  in  wireless 
and  mobile  computing  technol¬ 
ogy.  His  ceiling  for  cost  flexibility 
is  probably  between  20  percent 
and  25  percent,  at  least  for  the 
time  being,  he  says;  a  higher  frac¬ 
tion  of  variable  costs  would  be  out 
of  line  with  the  appetite  for  IT  innovation  at 
most  universities. 

Cutter  Consortium’s  Andriole  cites  Vil¬ 
lanova  as  a  good  example  of  how  a  CIO  can 
free  up  money  for  strategic  investments  after 
careful  examination  of  the  organization’s 
budget  and  culture— even  if  that  culture 
won’t  allow  for  a  radical  transformation. 
According  to  Andriole,  CIOs  seeking  to 
change  their  fixed-variable  cost  ratio  should 
first  benchmark  their  company  and  indus¬ 
try  to  see  where  they  stand 
in  comparison.  “If  all  of 
your  competitors  are  at  the 
80-20  level  and  you  are  90- 
10,  you  need  to  figure  out 
how  to  get  some  more  flexi¬ 
bility,”  he  says. 

Looking  ahead,  Fugale 
knows  it  will  be  a  struggle  to 
keep  investing  in  new  tech¬ 
nologies  with  no  expected 
increase  in  his  IT  budget 
during  the  next  five  years. 
Nonetheless,  to  plan  for  new 
investments,  such  as  replace¬ 
ment  of  an  aging  phone  sys¬ 
tem,  Fugale  is  looking  for 
ways  to  cut  fixed  costs  fur¬ 
ther  and  to  generate  revenue 
through  his  technology.  At 


the  moment,  he  is  reselling  videoconference 
space,  computer  equipment  and  phone  serv¬ 
ice  to  students,  bringing  in  $350,000  in  rev¬ 
enue  in  2004  that  can  be  earmarked  for 
strategic  investment.  Fugale’s  strategy  to  hold 
onto  this  “found  money”  for  strategically 
aligned  academic  IT  projects  rather  than  see¬ 
ing  it  reallocated  to  other  departments  is 
straightforward:  Keep  in  close  touch  with 
those  who  hold  the  purse  strings  and  let  them 
know  he  has  clear  plans  for  the  extra  money. 

FLEXIBILITY  IN  AN  AGE 
OF  COST-CUTTING 

It’s  no  longer  news  when  CIOs  have  to  slash 
fixed  costs.  For  many  IT  executives,  annual 
budget  cuts  have  become  the  norm.  In  these 
instances,  simply  taking  from  discretionary 
funds  isn’t  feasible;  that  well  runs  dry  unless 
replenished.  The  trick  is  to  create  budget  flex¬ 
ibility  while  lowering  overall  IT  costs. 

As  the  aluminum  market  has  contracted  in 
recent  years,  Alcoa’s  Huber  has  had  to  cut 
30  percent  from  global  spending.  In  doing  so, 
Huber  managed  to  shift  from  a  70-30  fixed- 
to-variable  ratio  to  about  a  50-50  level.  His 
primary  means  of  doing  so  was  consolidating 
124  data  centers  around  the  world  into  four 
principal  regional  centers,  cutting  the  num¬ 
ber  of  applications  in  use  from  3,000  to 
2,000  (with  more  expected)  and  standardiz- 


CIO  Leadership 
Agenda 

This  story  targets  the 
Leadership  Agenda  topic 
“DRIVING  INNOVATION  AND 
GROWTH  WHILE  MANAGING 
COSTS.”  You’ll  find  more 
material  on  this  and  the  four 
other  topics  for  2005  on  the 
new,  dedicated  website 
AGENDA.CIO.COM.  Look 
there  throughout  the  year 
for  articles,  tools  and  web¬ 
casts  on  driving  innovation, 
proving  IT  value,  running 
IT  efficiently,  developing 
leaders  and  managing 
expectations. 

.com 


FEBRUARY  1,  2005  |  www.cio.com 


42 


PHOTO  BY  EILEEN  ESCARDA 


ing  the  company’s  desktop  environment. 
“Complexity  drives  cost,”  Huber  says.  He  is 
constantly  on  the  lookout  for  ways  to  keep 
his  fixed  costs  from  creeping  back  up.  For 
example,  although  he  recently  paid  for  Oracle 
database  software  licenses,  he  has  decided  he 
can  do  without  some  of  the  maintenance  con¬ 
tracts  on  legacy  applications  that  will  be 
replaced  through  the  ERP  implementation. 
“The  trick  is  to  squeeze  something  out  of  the 
operations  side  so  that  you  can  invest  in  your 
technical  environment  and  provide  value  to 
the  business,”  he  says. 

In  many  companies,  employee  salaries  and 
benefits  are  the  number-one  fixed  budget 
item.  Outsourcing  would  seem  to  be  an  obvi¬ 
ous  method  of  increasing  cost  flexibility.  Greg 
Meyer  CTO  of  ijet  Travel  Risk  Management, 
employs  12  internal  staff  developers  and  a 
team  of  18  in  India.  But  Meyer  has  found  that 
outsourcing  doesn’t  save  him  money;  he  ulti¬ 
mately  spends  as  much  on  an  overseas  devel¬ 
oper  as  an  internal  staffer,  he  says.  The  benefit 
of  outsourcing  is  in  the  agility  it  provides  his 
department.  “It’s  much  easier  to  drop  and  add 
a  resource  in  India  than  to  bring  someone  in 
here,”  he  says. 

Other  CIOs  avoid  outsourcing  on  the 
grounds  of  flexibility,  however.  Ever  since  he 
had  to  undergo  an  extreme  case  of  cost-cut¬ 
ting,  Chris  France,  CIO  of  Little  Diversified 
Architectural  Consulting,  has  been  averse  to 
most  kinds  of  contracts,  including  outsourc¬ 
ing  deals.  When  major  clients  put  the  brakes 
on  after  9/11,  the  company,  which  builds  large 
retail  centers  and  public  buildings  such  as 
schools  and  jails,  eliminated  320  people  from 
its  payroll  of 600  and  set  out  to  shave  the  rest 
of  its  budget  to  the  bare  bones.  A  heavy  pro¬ 
portion  of  fixed  costs  made  cost-cutting  very 
difficult  initially.  “When  we  were  faced  with 
a  drastic  drop  in  our  revenue,  we  found  out 
how  inflexible  our  infrastructure  and  con¬ 
tracts  were,”  says  France.  He  has  eliminated 
all  outsourcing  contracts  and  is  down  to  nine 
full-time  IT  employees.  “The  key  for  us  is  to 
avoid  as  many  contracts  and  leases  as  possi¬ 
ble,”  he  says. 

France  also  sought  to  eliminate  fixed  costs 
while  boosting  flexibility  by  buying  out  long¬ 
term  software  contracts,  avoiding  long-term 
agreements  and  changing  how  the  company 
buys  hardware.  He  now  boasts  an  almost 
unheard  of  10-90  ratio  of  fixed  to  variable  IT 


costs.  To  maintain  such  a  high  degree  of  flex¬ 
ibility,  France  has  learned  to  stagger  leases, 
negotiate  breakable  lease  terms  and  pay  cash 
for  as  much  as  he  can.  Virtually  all  of  his  soft¬ 
ware  is  purchased  by  subscription,  and  he 
has  let  maintenance  lapse  on  all  of  the  seats 
of  his  design  software  that  are  not  being 
used.  The  10  percent  of  his  IT  spending  that 
is  fixed  is  made  up  almost  entirely  of  spe¬ 
cialized  large  format  printers  used  by  archi¬ 
tects  for  design  work— and  he  plans  to  buy 
the  equipment  when  the  lease  expires  soon, 
thereby  reducing  his  fixed  costs  to  zero. 

France’s  cost  strategy  reflects  a  close  work¬ 
ing  relationship  with  the  company’s  CFO, 
Jim  McGarry,  who  sits  directly  behind  him  in 
the  office’s  open  seating  plan.  McGarry  says 
that  when  Little  Diversified  started  to  down¬ 
size,  flexibility  became  the  mantra  for  the 


company  as  a  whole.  “We  project  and  react 
and  try  to  control  expenses  as  much  as  pos¬ 
sible  in  accordance  with  revenue  forecast,” 
McGarry  says.  “We  place  trust  and  respon¬ 
sibility  with  Chris  [France].  He  knows  that 
every  spending  decision  must  pass  the  busi¬ 
ness  case  test.” 

PROTECT  YOUR 
HARD-EARNED  SAVINGS 

In  many  cases,  however,  the  CIO-CFO  rela¬ 
tionship  isn’t  so  harmonious.  Funds  that  IT 
has  worked  hard  to  free  up  can  be  low-hang¬ 
ing  fruit  for  a  hungry  CFO.  CIOs  have  to 
make  a  case  for  retaining  some  of  those  sav¬ 
ings  to  meet  business  demand  for  innovative 
investments— or  just  to  set  aside  for  a  rainy 
day  fund.  Dennis  Klinger,  vice  president  and 
CIO  at  utility  company  Florida  Power  & 


FLEXIBLE 


Klinger  cut  fixed  IT  costs  from  around  65% 
to  about  50%  today,  and  then  held  onto  the 
funds  by  marketing  the  benefits  of  a  new 
IT  project.  “We  showed  them  we  were  cutting 
IT  costs  in  other  areas,"  he  says. 


Dennis  Klmger/Vp  and  a0  norida  Power  &  Light 


www.cio.com  |  FEBRUARY  1,  2005 


43 


Cover  Story  |  Budgeting 


Light,  employed  a  marketing  approach  to 
redirect  a  large  portion  of  fixed  costs  to  a  new 
project,  despite  operating  in  an  industry 
known  for  its  lack  of  budget  flexibility. 

First,  he  lowered  fixed  costs  to  about 
50  percent  of  the  utility’s  $150  million  in  IT 
spending  from  the  previous  60  to  70  percent 
by  cutting  software  and  hardware  mainte¬ 
nance  and  support  costs,  consolidating  server 
and  storage  facilities,  and  reducing  commu¬ 
nications  costs.  Then  he  convinced  business 
executives  to  move  ahead  with  a  five-year, 
$100  million  project  dubbed  Tech  21  that  will 
transform  the  way  the  company  manages  the 
business  of  distributing  electricity.  The  proj¬ 
ect,  which  is  in  its  final  stages,  includes  mul¬ 


tiple  systems  initiatives  that  have  revamped 
software,  introduced  wireless  and  mobile 
computing,  and  resulted  in  widespread 
changes  in  business  and  IT  processes. 
Klinger  won  support  for  Tech  21  from  busi¬ 
ness  units— and  approval  for  more  discre¬ 
tionary  spending— by  selling  them  on  the 
project’s  business  value  and  giving  regular 
progress  reports.  “We  showed  them  we  were 
cutting  IT  costs  in  other  areas,”  he  says.  “We 
presented  it  like  a  business  option.” 

Allstate’s  Brune  stays  on  the  CFO’s  good 
side  by  keeping  close  to  the  business  side. 
She  attends  strategy  sessions  with  business 
unit  presidents  and  works  with  an  IT  spon¬ 
sor  group  made  up  of  CIOs  of  individual 
business  units.  “You  have  to  be  Siamese 
twins  with  business  partners,”  she  says. 
“The  CFO  is  not  the  issue”— business  unit 
presidents  are  the  ones  who  can  make  or 
break  plans  for  a  strategic  IT  investment.  At 
a  recent  lunch  with  the  head  of  Allstate’s  dis¬ 
tribution  division,  Brune  received  valida¬ 


tion  of  her  alignment  efforts.  “A  few  years 
ago  he  was  critical.  His  unit  didn’t  have  trust 
or  respect  for  us,”  she  says.  “He  looked  at  me 
across  the  table  and  said,  ‘For  the  first  time, 
I  don’t  have  anyone  working  for  me  right 
now  who  says  they  can’t  get  something  done 
because  of  technology.’” 

In  fact,  when  it  comes  to  fixed  versus  flex¬ 
ible  costs,  alignment  is  the  issue,  says  Cut¬ 
ter’s  Andriole.  If  business  leaders  see  IT  as 
primarily  a  cost  center,  “IT  spending  will  be 
95  to  100  percent  fixed,”  he  says.  Even  in 
companies  where  the  CIO  and  CFO  get 
along,  however,  they  won’t  always  see  eye- 
to-eye.  “It  happens  all  the  time  that  money  is 
taken  away  from  the  CIO,”  says  Meyer  of  ijet 


Travel  Risk  Management.  Meyer,  who  con¬ 
siders  his  CFO  a  friend,  says  he  was  heart¬ 
broken  when  that  CFO  recently  shut  down 
his  million-dollar  plan  to  extend  the  com¬ 
pany’s  emerging  technologies  group.  “I 
wanted  to  make  that  investment  so  badly  I 
could  taste  it,”  Meyer  says.  In  the  end, 
though,  he  came  to  terms  with  the  CFO’s 
rationale,  which  was  based  on  a  two-to- 
three-year  plan  as  opposed  to  his  own  five-to- 
10-year  outlook.  “I’ve  known  a  lot  of  CFOs, 
and  some  of  them  are  jerks,”  Meyer  says. 
“But  as  CIO  or  CTO,  we  have  to  understand 
that  most  of  [the  CFOs]  are  concerned  about 
the  overall  health  of  the  company.” 

NO  USE  TRYING  TO  HIDE 

It  might  be  tempting  to  try  to  hide  discre¬ 
tionary  funds  in  budget  footnotes,  but  CIOs 
seeking  cost  flexibility  need  to  be  up  front 
with  business-side  colleagues  about  their 
choices.  One  of  the  keys  to  gaining  support  for 
his  new  initiatives  at  Florida  Power  &  Light, 


Klinger  says,  was  transparency  in  the  IT 
budget,  with  clear  outlines  of  what  is  fixed 
and  where  choices  can  be  made.  “You  have  to 
be  prepared  to  talk  about  the  business  value 
of  your  investment.  You  have  to  be  ready  to 
talk  about  the  trade-offs,”  he  says.  It  can  be  a 
difficult  conversation,  “but  the  reward  is 
greater  credibility.” 

Meyer  of  ijet  Travel  Risk  Management 
agrees  that  IT  leaders  need  to  clearly  break 
down  their  costs  for  business  leaders— 
especially  when  they  are  faced  with  volatil¬ 
ity.  Because  ijet  provides  intelligence  and 
help  for  companies  with  employees  in  far- 
flung  and  sometimes  dangerous  locales,  the 
business  needs  can  change  rapidly.  With 
60  percent  flexible  IT  costs,  Meyer  is 
poised  to  respond. 

But  with  flexibility  comes  a  trade-off  in 
planning.  “The  more  variable  my  spending 
streams  are,  the  harder  it  is  for  me  to  articu¬ 
late  a  long-term  vision,”  Meyer  says.  For 
example,  two  years  ago  he  came  up  with  a 
plan  to  invest  in  software  that  would  create 
itineraries  for  business  travelers  in  Europe. 
Soon  after,  however,  clients  began  focusing 
on  rebuilding  projects  in  Iraq.  So  Meyer 
shifted  some  of  the  money  planned  for  the 
software  investment  to  GPS  and  other  tech¬ 
nologies  that  help  companies  track  employ¬ 
ees  in  hazardous  and  hard-to-reach  areas.  By 
carefully  presenting  to  his  board  the  logic 
behind  the  shifts  in  strategy  and  spending, 
Meyer  deflected  criticism  that  he  hadn’t  fol¬ 
lowed  through  on  long-term  plans.  “What 
you  lose  in  long-term  vision,  you  gain  in  flex¬ 
ibility,”  he  says. 

To  maintain  cost  flexibility  over  the  long 
run,  CIOs  have  to  constantly  reevaluate  their 
spending  strategies,  says  Allstate’s  Brune. 
She  recommends  setting  up  a  series  of  check¬ 
points  to  make  sure  that  projects  are  provid¬ 
ing  value  and  to  reevaluate  projects  that 
aren’t  successful  from  the  get-go.  It’s  a  time- 
consuming  process,  but  without  it  CIOs  are 
vulnerable  to  change.  “You  have  to  be  will¬ 
ing  to  ask  if  the  strategy  you  had  12  months 
ago  is  the  same  one  you  need  going  forward,” 
Brune  says.  “You  have  to  be  expense-con¬ 
scious  and  flexible,  and  you  have  to  stay  bal¬ 
anced  at  all  times.”  HH 


Susannah  Patton  ( spatton@cio.com )  is  a  senior  writer 
based  in  San  Francisco. 


Five  Steps  to  Flexibility _ I 

How  CIOs  can  free  up  funds  (and  keep  them  for  IT  use) 

1.  Consolidate  vendors  and  systems. 

2.  Buy  out  long-term  contracts  and  consider  short-term  agreements. 

3.  Benchmark  their  cost  position  against  competitors’. 

4.  Partner  with  business  unit  leaders  to  forecast  their  need  for  IT  investments  and 
make  the  case  for  reallocating  fixed  costs. 

5.  Develop  choices  and  alternatives  for  reallocating  IT  budgets  to  keep  them  away  from 

the  CFO’s  ax.  -S.P. 


44 


FEBRUARY  1,  2005  |  www.cio.com 


IMAGINE  YOUR  APPLICATIONS  PERFORMING  AS  AN  ENSEMRIE 


THE  FASTEST  WAY  TO  MAKE  YOUR 
APPLICATIONS  PERFORM  TOGETHER 


Imagine  your  applications  -  both  legacy  and 
new  -  performing  together  as  an  ensemble. 

That  vision  can  become  a  reality  surprisingly 
quickly  with  Ensemble,  the  Universal  Integration 
Platform  with  all  the  functionality  you  need  to 
rapidly  complete  any  type  of  integration  project  on 
deadline  and  on  budget.  Even  complex  projects 
you  may  have  struggled  with  in  the  past. 

With  its  unique  fusion  of  powerful  technologies 
for  application  integration,  development,  deploy¬ 
ment,  and  management,  Ensemble  enables 
extremely  fast  integration  and  rapid  development 
of  “composite  applications”  -  new  business 
solutions  that  integrate  data,  orchestrate  business 


processes,  and  enhance  the  value  of  legacy  applica¬ 
tions.  You’ll  see  real-world  evidence  of  this  in  the 
customer  testimonial  section  of  our  web  site. 

Ensemble  is  exciting  new  software  from 
InterSystems.  Over  the  past  twenty-six  years  our 
high  performance  products  have  been  deployed 
in  more  than  100,000  mission-critical  systems 
around  the  world. 

We’re  so  confident  that  Ensemble  is 
dramatically  faster  than  any  other  integration 
technology,  we’ll  be  happy  to  begin  our  partner¬ 
ship  with  you  by  conducting  a  pilot  project. 

To  pursue  this,  contact  us  at: 
www.InterSystems.com/Skydivers 


InterSystems 

ENSEMBLE 


Integrate  Applications  Faster 


To  learn  how  enterprises  like  yours  are  using  Ensemble,  or  if  you  are  a  System  Integrator  in  need  of  a 
rapid  integration  platform,  come  to:  www.InterSystems.com/Skydivers 


©  2004  InterSystems  Corporation.  All  rights  reserved.  InterSystems  Ensemble  is  a  registered  trademark  oflntcrSystcms  Corporation.  7-04 


jgrspectives 


Today  s  security  executives  are  required  to 
perform  difficult  and  constant  balancing  acts 
between  the  art  and  science  of  security, 
continuously  weighed  against  the  needs  of 
the  business.  Getting  the  "science’'  part  of  the 
equation  right  is  the  easier  part.  The  technologie 
are  known  entities,  and  better  ones  continue  to 
evolve.  There  are  quantitative  measurements 
around  such  issues  as  intrusion  detection,  foren¬ 
sics  and  regulatory  compliance,  along  with  more 
mature  attempts  to  quantify  the  ROI  of  security. 


It’s  the  “art”  of  security  that’s  the  harder  part— the 
art  of  diplomacy,  of  persuasion,  of  getting  into  and 
understanding  other  mindsets.  It’s  everything 
from  establishing  security  procedures  everyone 
will  actually  follow  to  fostering  positive  relations 
with  senior  executives  and  the  board  of  directors. 
It’s  getting  the  staff  to  think  like  a  hacker  or 
terrorist  to  get  ahead  of  potential  threats. 


Join  your  peers  from  business,  industry  and 
government  as  we  tackle  the  challenges  facing 
today  s  senior  security  executives. 


April  10-12, 2005 

Hyatt  Regency  Huntington  Beach 

Huntington  Beach,  CA 


'  ^ 

un 

ll 

NPl  • 

wM  * 

Sponsored  by 


Adobe 


Presented  by 

cso 

The  Resource  for 
Security  Executives 


We’ll  examine  this  complex  balancing  act  by  looking  at  what  the  top 
practitioners  are  thinking  and  doing,  and  by  listening  to  what  leading 
security  and  privacy  experts  think  will  affect  the  landscape  of  the  future. 


Governance  and  Convergence: 
Getting  It  Right 

The  convergence  of  physical  and  informa¬ 
tion  security,  if  effectively  governed  within 
an  organization,  assigns  accountability  for 
security  strategy  and  business  plan  cre¬ 
ation  at  the  highest  levels.  It  can  enable 
company  leadership  to  identify,  prioritize 
and  balance  security  issues  and  needs  of 
the  business  through  a  more  comprehen¬ 
sive  approach. 

Enterprise  Risk  Management: 

A  Matter  of  Focus 

Looking  at  and  balancing  risk  on  an  enter¬ 
prise  level  is  the  only  effective  way  to  man¬ 
age  a  corporation  in  our  very  complex 
world.  Explore  how  enterprise  risk  man¬ 
agement  can  give  a  single  view  of  all  types 
of  risks,  and  an  executive-level  manage¬ 
ment  strategy  to  deal  with  them. 

Security  as  a  Business  Enabler 

Perhaps  the  hardest  part  of  security  is  to 
cost  justify  it  and  show  its  value  to  the 
business.  It’s  like  buying  an  insurance 
policy— no  one  really  wants  to  spend  the 
money.  What  if  you  could  prove  that 
security  really  can  add  value? 

What’s  Privacy  Got  to  Do 
With  It? 

The  importance  of  balancing  privacy  and 
security  in  a  digital  age  is  only  overshad¬ 
owed  by  the  perceived  difficulty  of  actually 
doing  it.  The  current  economic,  legal,  and 
regulatory  challenges  after  9/11  have 
made  it  all  the  more  important  to  ensure 
the  adoption  of  good  laws  and  technolo¬ 
gies  that  protect  privacy  and  security  at 
the  same  time.  We  provide  a  roadmap. 

The  Cost  of  Compliance  vs.  the 
Cost  of  Non-Compliance 

Some  pundits  say  security  on  the  way  to 
becoming  a  fully-regulated  industry,  what 
with  an  increasing  number  of  official  direc¬ 
tives  from  legislative  bodies,  regulatory 
agencies  and  industry  consortia  around 
the  world.  Toss  in  partially  overlapping  or 


completely  diverse  requirements  from 
different  agencies  and  you’re  guaranteed 
that  compliance  will  be  that  much  more 
difficult— and  very,  very  expensive.  In  this 
session,  we  look  at  the  potential  costs  of 
compliance,  weighed  against  the  risks  of 
non-compliance.  What  can  CSOs  do  to 
understand  the  “dollars  and  sense”  of  it 
all,  and  to  prioritize  your  organization’s 
compliance  list? 

The  Role  of  Government:  One 
Step  Forward,  Two  Steps  Back? 

The  US  government,  particularly  DHS,  has 
had  tremendous  opportunities  to  advance 
the  public  good  and  protect  the  American 
economy  by  strengthening  both  cyber  and 
physical  security  and  by  building  more 
cooperative  relationships  with  the  private 
sector.  But  there’s  a  perception  that  it  has 
failed  to  seize  those  opportunities  and  to 
move  forward.  What  should  we  realistically 
expect— and  how  do  we  make  it  happen? 

The  Art  of  Persuasion: 

“Selling  Up”  in  the  Organization 

Senior  management  and  boards  of 
directors  often  still  view  security  as  an 
inconvenient  cost  of  doing  business.  Many 
CSOs  today  have  yet  to  report  directly  to 
the  CEO  or  stand  before  their  organiza¬ 
tions’  boards,  and  have  a  fair  way  to  go 
before  they’re  taken  seriously  as  C-level 
executives.  Each  of  our  panelists  brings  a 
unique  perspective  to  helping  CSOs 
perfect  the  art  of  persuasion. 

Plus  More  Peer-to-Peer 
Networking  Opportunities 

•  CSO  Golf  Tournament 

•  Moderated  Discussion  Groups 

•  Luncheon  Discussion  Roundtables 

•  DrillDown  Breakout  Sessions 

•  Networking  Receptions 

•  Sponsor  Hospitalities 


SPEAKERS 

Michael  J.  Assante,  CSO, 

American  Electric  Power 

Bob  Bragdon,  Publisher,  CSO  magazine 

David  Burrill,  CSO, 

British  American  Tobacco 

Roger  Cochetti,  Group  Director, 

US  Public  Policy,  CompTIA 

Bob  Hayes,  CSO,  CXO  Media  Inc. /IDG  & 
Former  CSO,  Georgia-Pacific  Corporation 

Nuala  Kelly,  Chief  Privacy  Officer,  DHS 
David  Kent,  CSO,  Genzyme  Corporation 

Lew  McCreary,  Editor  in  Chief, 

CSO  magazine 

James  McDonnell,  Chief  Security  & 
Information  Officer,  USEC  and  Former 
Director,  Protective  Security  Division 
of  the  Information  Analysis  and  Infrastructure 
Protection  Office,  DHS 

Peter  Metzger,  Partner,  Heidrick  &  Struggles 

Bhavesh  Patel,  Vice  President,  Information 
Security,  Genzyme  Corporation 

John  Pontrelli,  CSO, 

TriWest  Healthcare  Alliance 

Jeffrey  Rosen,  Professor  of  Law,  George 
Washington  University  and  Author  of  The 
Naked  Crowd  and  The  Unwanted  Gaze 

Jeff  Rosenthal,  Vice  President, 

BlessingWhite,  Inc. 

Marshall  Sanders,  Vice  President, 

Global  Security,  Level  3 

Krizi  Trivisani,  C/SO, 

George  Washington  University 

Ira  Winkler,  Industry  Guru  and  Author  of 
Corporate  Espionage  and  Spies  Among  Us 

Amit  Yoran,  Former  Director,  National  Cyber 
Security  Division  of  the  Information  Analysis 
and  Infrastructure  Office,  DHS 

Jonathan  Zittrain,  Conference  Moderator  and 
Cofounder,  Berkman  Center  for  Internet  & 
Society,  Harvard  Law  School 


To  register  and  for 
more  information 

call  800.366.0246  or  visit 
www.csoonline.com/conferences 


THE  MORE  YOU  AUTOMATE  YOUR 
CRITICAL  BUSINESS  PROCESSES, 
THE  MORE  VIGILANT  YOU  NEED  TO 
BE  ABOUT  PROTECTING  AGAINST 
FRAUD.  JUST  ASK  BANK  CIOs 
ABOUT  THE  GROWING  POTENTIAL 
FOR  FRAUD  WITH  DIGITAL  CHECKS. 
BY  ALLAN  HOLMES 


Reader  ROI 

::  Why  automating  your 
business  processes 
actually  increases  the 
likelihood  of  fraud 

::  How  the  move  toward 
processing  bank 
checks  digitally 
leaves  online  cus¬ 
tomers  vulnerable 

::  What  you  can  do  to 
protect  your  business 
from  theft  by  insiders 
and  organized  crime 


48 


FEBRUARY  1,  2005  |  www.cio.com 


PHOTO  BY  JEFFREY  MCCULLOUGH 


MARK  TIZZARD  (left),  VP  of  strategic  integration 
for  Wachovia  Bank,  and  BRIAN  McGINLEY,  senior 
VP  and  director  of  loss  management,  planned  care 
fully  for  the  move  to  digitally  processed  checks. 


Security 


Frank  W.  Abagnale  has  a  mes¬ 
sage  for  CIOs  who  think 
automation  will  save  loads  of 
money  and  protect  their  com¬ 
panies  from  fraud.  Abagnale, 
the  muse  for  the  movie  Catch  Me  If  You  Can, 
is  the  notorious  con  man  who  kept  the  FBI 
at  bay  for  decades  while  he  embezzled 
millions  of  dollars  out  of  unsuspecting 
individuals.  His  message:  Automation- 
business  processes  run  automatically 
without  human  intervention— could  actu¬ 
ally  make  fraud  easier  and  cost  more  in  the 
long  run. 

“What  I  did  40  years  ago  as  a  teenager 
is  2,000  times  easier  to  do  today,”  Abag¬ 
nale  says  now.  “Every  day,  criminals  are 
realizing  that  crime  is  getting  easier  than 
the  day  before  because  corporations  are 
going  digital.” 


creates  a  higher  risk  of  fraud  and  abuse. 
As  banks  make  digital  images  of  checks 
available  to  customers  online,  criminals 
can  more  easily  gain  access  to  the  infor¬ 
mation  they  need  to  create  counterfeit 
checks.  All  they  have  to  do  is  obtain  a  cus¬ 
tomer’s  user  name  and  password. 

Fraud  is  affecting  not  only  the  financial 
industry  but  other  industries  as  well. 
Health  care,  transportation,  utilities,  retail, 
government,  entertainment  and  others  are 
all  vulnerable.  Indeed,  any  business  that 
operates  a  network  to  process  payroll, 
employee  personnel  information,  con¬ 
tracting  or  financial  reporting  could  be  a 
victim  of  fraud.  And  if  you  don’t  think  it 
will  happen  to  you,  think  again,  warns 
Toby  Bishop,  president  and  CEO  of  the 
Association  of  Certified  Fraud  Examiners 
(ACFE).  “This  is  only  going  to  get  worse,” 


“Sometimes  you  roll  out  programs  and 
see  what  happens,”  Tizzard  says.  “But  this 
is  different.  People  need  to  be  prepared.” 

Denial  Ain’t  Just  a 
River  in  Egypt 

For  the  vast  majority  of  CIOs  interviewed 
for  this  article,  preventing  fraud  is  simply 
not  a  top  priority.  Nor  is  it  something  many 
are  willing  to  talk  about.  About  a  dozen 
CIOs  we  contacted  in  the  retail,  investment 
and  manufacturing  sectors  refused  to  talk 
to  us  about  how  they  are  defending  them¬ 
selves  against  fraud— if  at  all. 

Of  those  who  did  talk  to  us,  many  have 
the  mistaken  perception  that  automation 
will  reduce  fraud.  One  CIO  for  an  insurance 
company  told  us  that  when  company  exec¬ 
utives  agreed  to  deploy  a  new  electronic 


Why  trust  a  former  fraudster,  you  might 
ask?  Because  he  and  other  fraud  experts 
can  prevent  you  from  being  defrauded  by 
criminals  who  attack  corporate  networks 
for  information  that  they  can  harness  to 
steal  on  a  large  scale.  And  indeed,  Abag¬ 
nale  is  among  a  growing  army  of  consult¬ 
ants  who  are  working  with  CIOs  at  some  of 
the  nation’s  largest  banks  to  fight  what 
many  believe  will  be  a  surge  in  check  fraud, 
already  at  $19  billion  a  year,  as  banks  move 
from  processing  paper  checks  to  trans¬ 
porting  digital  check  images  to  other  banks 
and  customers. 

The  Check  Clearing  for  the  21st  Century 
Act  (Check  21),  a  federal  law  that  allows 
for  the  creation  and  processing  of  digital 
check  images  and  substitute  checks,  is  one 
of  the  more  significant  business  process 
automation  transformations  in  the  private 
sector.  It  is  expected  to  save  the  banking 
industry  $2  billion  to  $3  billion  a  year  in 
labor  and  transportation  costs,  which 
include  flying  42  billion  checks  around 
the  country  every  year.  Yet  Check  21  also 


Bishop  warns.  “Pretty  soon  we  will  have 
war  rooms  with  technologists  working 
24/7  fighting  fraud.” 

The  bad  news  is  that  completely  elimi¬ 
nating  fraud  from  business  is  impossible, 
experts  say.  The  good  news  is  that  CIOs  can 
minimize  the  potential  for  losses  by  devel¬ 
oping  antifraud  strategies  in  the  initial 
design  phase  of  an  automation  project, 
and  continuing  to  make  it  a  high  priority 
throughout  daily  operations.  But  this 
requires  a  revolutionary  shift  in  thinking 
and  culture  for  many  organizations.  That’s 
because  too  many  CIOs,  including  most  of 
the  executives  we  interviewed,  don’t  con¬ 
sider  fraud  prevention  a  high  priority.  They 
tend  to  be  much  more  focused  on  the  ROI  of 
business  automation  and  the  improved 
service  to  customers  rather  than  the  vul¬ 
nerabilities  a  new  electronic  process  creates. 

As  IT  automation  becomes  more  critical 
to  corporate  revenue,  an  entirely  new 
mind-set  is  necessary.  Mark  Tizzard,  vice 
president  of  strategic  integration  for 
Wachovia  Bank,  admits  as  much. 


process  to  handle  claims,  the  business  argu¬ 
ment  behind  the  system  was  not  only  to 
lower  costs  but  to  reduce  the  incidents  of 
fraud  as  well.  The  executives  had  not  con¬ 
sidered  the  possibility  that  the  system  could 
create  opportunities  for  new,  more  virulent 
means  of  fraud.  “I  really  haven’t  given  it  a 
whole  lot  of  thought,”  he  says. 

Many  CIOs  are  also  hampered  by  mis¬ 
perceptions  about  who  commits  fraud.  For 
instance,  while  executives  think  that  fraud 
is  typically  committed  by  outside  crimi¬ 
nals,  research  shows  that  about  85  percent 
of  all  fraud  is  perpetrated  by  employees. 
These  inside  fraudsters  will  account  for  an 
estimated  $660  billion  in  losses  this  year, 
up  from  $600  billion  in  2002,  according  to 
the  ACFE.  The  typical  employee  who 
commits  fraud  has  many  years  with  the 
company,  is  an  authorized  user,  is  in  a  non¬ 
technical  position,  has  no  record  of  being  a 
problem  employee,  uses  legitimate  com¬ 
puter  commands  to  commit  the  fraud  and 
does  so  mostly  during  business  hours. 

For  all  of  these  reasons,  CIOs  seem  to  be 


50 


FEBRUARY  1,  2005  |  www.cio.com 


IT’S  A  TEAM  EFFORT 


IZ2~SCEED  IN  F'GHTING  FRAUD,  CIOs  MUST  BRING 


Like  Other  companies,  many  banks  fight  fraud  in  a  very  decentralized  fash¬ 
ion,  with  antifraud  systems  for  each  of  their  separate  product  offerings.  The  checking 
department,  for  instance,  has  an  antifraud  group  to  fight  check  fraud.  The  credit  card 
department  has  an  antifraud  credit  card  system,  as  does  the  mortgage  group.  The 
group  operating  ATMs  has  yet  another  system,  and  the  wire  group  has  their  own 
fraud  detection  system. 

These  silos  must  be  eliminated  if  banks  are  really  serious  about  stemming  fraudu¬ 
lent  attacks.  Unless  an  antifraud  system  is  scanning  for  anomalies  across  all  of  a  cus¬ 
tomer’s  accounts— checking,  brokerage,  savings,  ATM  withdrawals,  mortgage  and 
credit  cards— criminals  will  have  an  easy  time  hiding  their  tracks.  By  picking  up 
unusual  activity  in  several  products  within  one  customer’s  account,  bank  officials 
can  connect  the  dots  of  a  fraud  attempt,  making  it  easier  to  more  quickly  stop  the 
attack.  "Banks  need  a  holistic  view  of  the  customer  relationship,”  says  Brian  McGin- 
ley,  senior  vice  president  and  director  of  loss  management  at  Wachovia  Bank. 

To  fight  fraud  across  the  enterprise,  Gary  Cawthorne,  vice  president  and  manag¬ 
ing  partner  of  the  global  banking  practice  at  Unisys,  which  consults  with  banks  on 
instituting  Check  21,  suggests  creating  a  cross-organizational  team  composed  of 
managers,  marketing  representatives,  check  processors,  IT  staff  and  others.  The 
team  should  discuss  what  the  existing  paper-based  business  process  is  and  what 
will  change  in  each  department  when  an  electronic  process  is  deployed.  Such  cross- 
departmental  dialogues  can  lead  to  business  process  changes  that  improve  fraud 
detection.  “Maybe  we  do  [check]  scanning  at  9  a.m.  instead  of  9  at  night,"  Cawthorne 
says.  That  way,  you  have  a  12-hour  jump  in  spotting  a  fraudulent  check. 

To  succeed  with  this  approach,  the  CIO  or  security  executive  must  bring  together 
departments  that  traditionally  have  not  cooperated— not  out  of  spite,  but  because 
they  rarely  have  been  asked.  Without  cooperation  and  dialogue,  companies  will  con¬ 
tinue  to  experience  big  losses  from  fraud.  “Automation  in  and  of  itself  is  not  a  prob¬ 
lem,”  says  Joseph  Koletar,  a  principal  in  the  investigative  and  dispute  practice  at  Ernst 
&  Young.  “But  done  in  a  vacuum,  it  can  have  unintended  consequences.”  -A.H. 


seriously  underestimating  the  potential  for 
fraud  with  automation.  According  to  a  2003 
KPMG  survey,  43  percent  of  IT  executives 
believed  fraud  would  decrease  in  the  future. 
By  comparison,  only  7  percent  believed  fraud 
would  increase.  As  a  result,  CIOs  are  under¬ 
equipped  to  deal  with  the  problem.  Only  one- 
third  of  companies  have  a  comprehensive 
fraud  program  in  place,  according  to  a  recent 
survey  by  PricewaterhouseCoopers. 

Yet  at  the  same  time,  more  than  80  per¬ 
cent  of  companies  reported  that  attacks  on 
their  networks  have  increased,  and  one  in 
five  said  a  hacker  has  infiltrated  their  com¬ 
pany’s  network,  according  to  the  Computer 
Security  Institute.  What’s  troubling  about 
these  statistics  is  that  corporations  are  now 
automating  processes  directly  linked  to 
generating  revenue  and  profits.  In  years 
past,  CIOs  focused  on  easier,  less  critical 
processes,  such  as  electronic  employee 
expense  forms  and  giving  employees  the 
ability  to  sign  up  for  vacation  time  online. 
Now,  CIOs  are  automating  the  processes 
central  to  a  business’s  operations.  This 
promises  to  bring  a  higher  rate  of  ROI,  but 
also  a  higher  risk  of  fraud  and  abuse.  It’s  as 
if  CIOs  are  playing  a  version  of  the  arcade 
game  whack-  a-mole,  only  a  more  costly  one. 
CIOs  use  automation  like  a  hammer  to 
smash  fraud  in  one  place,  only  to  see  it  pop 
up  unexpectedly  in  another  place. 

Automated  systems,  particularly  when 
they  are  enterprisewide,  are  vulnerable  for 
a  number  of  reasons.  First,  they  require  sig¬ 
nificant  changes  in  work  processes  and 
cultural  shifts  throughout  the  company. 
Employees  are  not  used  to  the  new  pro¬ 
cesses,  and  therefore  not  attuned  (nor 
trained)  to  see  anomalies  that  indicate  fraud. 
In  addition,  these  new  processes  tend  to  be 
highly  complex,  which  makes  weak  links  in 
the  system  more  difficult  to  identify.  This 
could  explain  why  some  Russian  hackers 
were  successful  at  hacking  into  personal 
accounts  at  major  U.S.  banks  and  online 
payment  services  in  the  latter  half  of  the 
1990s,  when  that  online  business  was  rela¬ 
tively  new. 

“CIOs  tend  to  underestimate  the  poten¬ 
tial  for  fraud  when  they  change  business 
processes,”  ACFE’s  Bishop  says.  “They  tend 
to  fight  yesterday’s  battles,”  designing 
defenses  for  schemes  that  they  know  about. 


Scamming  Digital 
Checks 

Take  Check  21,  for  example.  Banks  invested 
in  Check  21  for  two  reasons.  First,  it  will  save 
the  industry  an  estimated  $2  billion  a  year  in 
paper  check  processing  costs.  Second,  bank 
CIOs  and  their  executive  colleagues  believe 
the  automation  will  cut  into  the  $20  billion 


that  banks  lose  to  check  fraud  every  year. 
Their  reasoning  is  sound.  If  a  criminal  pres¬ 
ents  a  fraudulent  check,  within  hours  the 
bank  takes  a  digital  image  of  the  check  and 
sends  it  to  the  issuing  bank.  Using  software 
algorithms,  the  issuing  bank  looks  at  certain 
aspects  of  the  check— such  as  the  check  num¬ 
ber,  the  payee,  handwriting  and  the  dollar 


www.cio.com  |  FEBRUARY  1.  2005 


51 


Sz&z'^^Siakz&h^s 


w&mxwgmmm 


mna'yffa&g«feM 

J  -■  ■  :  --  /  <  ’ 


Mmmp 

gj  fc]^  ^  n  \  oWi : 


Security 


amount  of  the  check— to  quickly  determine  if 
the  check  is  valid  or  not.  Under  the  paper 
process,  the  issuing  bank  wouldn’t  receive  the 
paper  check  for  days,  and  the  criminal  would 
be  long  gone  with  the  money. 

But  Check  21  also  creates  new  opportuni¬ 
ties  to  perpetrate  fraud.  Criminals  can  more 
easily  steal  information  from  customers’  on¬ 
line  bank  accounts  to  create  authentic-looking 
counterfeit  checks.  All  they  need  is  the  cus¬ 
tomer’s  user  name  and  password.  Such  infor¬ 
mation  can  be  obtained  through  phishing 


is  obtained,  “they  really  have  the  keys  to  the 
financial  kingdom  of  the  customer,”  says  Ori 
Eisen,  CEO  and  president  of  The  41st  Para¬ 
meter,  an  Internet,  telephone  and  mail-order 
fraud  prevention  company. 

Banks  claim  they  will  be  able  to  stop  pay¬ 
ment  on  fraudulent  checks  faster  because  an 
issuing  bank  will  receive  the  check  image 
faster.  But  the  speed  with  which  checks  will  be 
processed  also  will  reduce  the  time  that  a 
bank’s  fraud  examiners  have  to  identify  a 
fraudulent  check.  Moreover,  most  banks  plan 


I  DON’T  THINK  WE  KNOW  YET  WHERE  ALL  THE 
FRAUD  OPPORTUNITIES  CAN  OR  WILL  MANIFEST 
THEMSELVES  UNTIL  WE  GET  FURTHER  INTO 
DIGITAL  CHECK  PROCESSING.” 

-WILTON  DOLLOFF,  HUNTINGTON  BANCSH ARES 


schemes  that  send  official-looking  e-mails  and 
Web  links  to  a  bank’s  customers,  asking  them 
to  update  their  user  names  and  passwords. 
By  breaking  into  an  online  bank  account  and 
viewing  a  customer’s  check  images,  criminals 
now  have  access  to  far  more  damaging  infor¬ 
mation  that  they  can  use  to  circumvent  a 
bank’s  traditional  methods  of  fraud  detection. 
For  example,  the  criminal  potentially  could: 

■  Find  out  what  check  numbers  the  cus¬ 
tomer  is  using  (if  check  numbers  are  signifi¬ 
cantly  out  of  sequence,  it  can  be  an  indication 
that  the  check  is  fraudulent). 

■  Get  an  exact  digital  replica  of  the  cus¬ 
tomer’s  signature,  which  can  be  downloaded 
and  easily  copied  using  off-the-shelf  com¬ 
puter  equipment  and  printers. 

■  Mimic  the  customer’s  style  in  writing  the 
date— such  as  mm/dd/yyyy— and  their  hand¬ 
writing  style  in  general. 

■  Obtain  the  names  of  people  to  whom  the 
customer  frequently  writes  checks  (payees 
that  show  up  often— such  as  a  mortgage  com¬ 
pany,  a  spouse  or  a  dependent— typically  do 
not  indicate  fraud). 

■  Obtain  the  typical  dollar  amount  that 
checks  are  written  for  so  that  large  dollar 
amounts  don’t  raise  a  flag. 

Criminals  may  also  gain  online  access  to  a 
customer’s  credit  card  accounts  and  stock 
and  bond  investments.  Once  this  information 


to  destroy  the  paper  check  after  the  image  is 
created.  Some  banks  plan  to  shred  checks 
immediately,  while  others  will  hold  on  to 
paper  checks  for  a  few  weeks  or  even  months. 
When  a  check  is  destroyed,  any  evidence  not 
captured  by  the  image— such  as  fingerprints 
or  detailed  security  features— is  lost.  Finally, 
the  check  image  is  made  on  a  gray  scale,  which 
means  it  does  not  show  details  as  well  as  the 
physical  paper  check  or  a  color  image  of  the 
check.  Details  in  the  gray  image  that  could  tip 
off  banks  that  the  check  is  a  fraud  may  be  lost. 

All  these  new  vulnerabilities  lead  Frank 
Liddy,  partner  in  the  North  American  banking 
practice  at  the  consultancy  Unisys,  to  conclude 
that  bankers  have  yet  to  fully  realize  the  extent 
to  which  they  are  susceptible  to  increased  fraud 
with  Check  21.  “This  is  bigger  than  any  bank  or 
banker  can  realize,”  he  warns. 

How  to  Outwit 
the  Bad  Guys 

Despite  such  loopholes,  Check  21  and  other 
automated  processes  are  here  to  stay.  So  what 
can  CIOs  do?  A  lot,  it  turns  out. 

The  answers  do  not  lie  in  better  technology 
for  detecting  fraud,  although  that  is  important, 
but  rather  in  planning  fraud  detection  for 
whatever  automated  process  is  being  installed, 
and  then  preparing  the  entire  company  for  the 


www.cio.com  |  FEBRUARY  1,  2005 


53 


Security 


change  through  frequent  meetings.  CIOs  will 
have  to  reach  out  to  the  executive  in  charge  of 
fraud  detection,  typically  the  CFO,  and  to 
other  executives  who  play  important  roles  in 
the  work  process.  They  will  have  to  lead  the 
effort  to  make  antifraud  strategies  one  of  the 
key  drivers  in  creating  new  automated  busi¬ 
ness  processes  that  work. 

That’s  exactly  what  Tizzard,  who  led 
Wachovia  Bank’s  Check  21  implementa¬ 
tion,  did. 


by  organized  crime  are  on  the  rise.  As  a  result, 
antifraud  processes  are  more  important  than 
ever  to  Wachovia  and  the  banking  industry. 

To  mitigate  the  risk  of  fraud  from  Check 
21,  McGinley  organized  a  task  force  within 
his  department  to  identify  what  in  the  new 
process  could  potentially  create  additional 
fraud  vulnerabilities  and  which  of  the 
antifraud  measures  Wachovia  already  had 
in  place  (both  manual  and  automated  pro¬ 
cesses)  could  be  applied  to  solve  those  new 


sitive  should  the  automatic  scanning  system 
be  for  picking  up  deviations? 

Wachovia  also  has  to  decide  how  the 
scanning  system  should  interface  with  other 
antifraud  systems.  For  example,  Wachovia 
operates  an  application  that  scans  for 
deposits  that  are  unusually  large,  which 
may  indicate  fraud.  Wachovia  plans  to  link 
the  deposit  analysis  application  with  the 
check  scanning  analysis,  so  that  if  a  check 
scan  picks  up  an  anomaly  in  a  signature,  for 


IT’S  AS  IF  CIOs  ARE  PLAYING  A  VERSION  OF  THE  ARCAD E GAME  WHACK 
A-MOLE  ONLY  A  MORE  COSTLY  ONE.  THEY  USE  AUTOMATION  LIKE 
£  HAMMER  TO  SMASH  FRAUD  IN  ONE  PLACE.  ONLY  TO  SEE  IT  POP  UP 
UNEXPECTEDLY  IN  ANOTHER  PLACE. 


Tizzard  says  the  bank  approached  the 
move  to  Check  21  as  it  would  a  merger  with 
a  large  bank.  Even  before  the  law  was  signed, 
Wachovia  made  plans  on  how  it  would  roll 
out  Check  21,  which  won’t  be  fully  imple¬ 
mented  until  late  2006.  After  the  law  was 
signed,  Tizzard  and  a  small  team  of  other 
Wachovia  executives  traveled  nationwide  to 
involve  everyone  in  the  discussion— from  the 
CEO  to  department  leaders  (especially  the 
risk  management  and  loss  management 
groups)  to  the  bank’s  IT  shop  and  product 
groups.  “Everyone  had  an  input  on  what  the 
law  would  do,”  Tizzard  says.  “We  knew  this 
could  be  a  Pandora’s  box.  We  overprepared.” 

Tizzard  and  the  other  Wachovia  executives 
educated  managers  on  how  the  new  auto¬ 
mated  process  would  work  and  what  the 
change  meant  for  them  and  their  customers. 
Showing  bank  tellers  how  to  recognize  legiti¬ 
mate  substitute  checks  was  particularly 
important.  “We  were  not  exactly  well-received, 
but  once  we  began  meeting  with  them,  we  fre¬ 
quently  stayed  another  hour,”  Tizzard  says. 

Wachovia  has  experienced  a  120  percent 
increase  in  the  number  of  fraud  attempts  in 
the  past  two  years,  yet  the  bank  has  been  able 
to  marginally  decrease  the  monetary  value 
of  losses  during  that  same  period,  says  Brian 
McGinley,  senior  vice  president  and  director 
of  loss  management  at  Wachovia.  However, 
McGinley  reports  that  the  sophistication  of 
the  fraud  is  increasing,  and  fraud  attempts 


issues.  For  example,  McGinley  says  the 
encryption  techniques  and  other  security 
applications  that  protect  customer  accounts 
and  identities  should  be  able  to  protect  indi¬ 
vidual  check  images  from  hackers. 

However,  other  issues  did  come  up.  Bank 
loss  management  teams,  for  example,  are  not 
sure  how  sensitive  to  make  the  digital  check 
scanning  system  that  the  bank  plans  to  deploy 
as  an  antifraud  measure.  The  system  will  use 
biometrics  to  compare  a  genuine  check— such 
as  a  check  written  for  a  small  amount  to,  say, 
the  electric  company— with  newly  written 
checks  under  the  same  account.  For  example, 
the  system  will  compare  signatures,  as  well  as 
the  placement  and  accuracy  of  the  Wachovia 
logo,  and  verify  the  Magnetic  Image  Character 
Recognition  (MICR)  line,  which  is  the  mag¬ 
netic  ink  that  prints  the  router  and  account 
numbers  at  the  bottom  of  the  check. 

Wachovia  can  program  the  system  to 
send  questionable  checks  back  for  nonpay¬ 
ment  or  to  a  database  and  fraud  queue  so 
that  an  analyst  in  the  group  can  examine  the 
check  for  accuracy.  But  customers  often  do 
not  follow  predictable  behavior,  such  as 
using  sequential  checks.  And  with  joint 
accounts,  business  partners  or  husbands 
and  wives  will  have  different  handwriting 
styles  and  may  use  different  series  of  check 
numbers,  both  of  which  make  identifying 
the  exceptions  more  difficult,  McGinley 
says.  So  the  question  remains:  Just  how  sen- 


instance,  it  could  link  that  to  an  unusually 
large  deposit  flagged  by  the  deposit  applica¬ 
tion  analysis.  Taken  in  isolation,  the  differ¬ 
ence  in  the  signature  may  not  be  significant 
enough  to  raise  concern,  but  when  matched 
with  the  largest  deposit  in  another  account, 
it  could  increase  the  likelihood  that  the 
check  is  kicked  out  for  further  analysis. 

Wilton  Dolloff,  executive  vice  president  of 
operations  and  technology  at  Huntington 
Bancshares  in  Columbus,  Ohio,  says  banks 
must  cooperate  in  order  to  trust  each  other’s 
processes  for  taking  images,  analyzing  the 
images  and  sending  what  they  believe  to  be 
lawful  checks.  That  may  mean  allowing  other 
banks,  including  competitors,  to  view  check 
processing  operations,  and  “to  know  if  some¬ 
thing  breaks  on  your  side  or  my  side,  what  are 
we  going  to  do?”  Dolloff  says. 

Dolloff  and  Tizzard  both  say  that  the  full 
impact  of  Check  21  will  not  be  known  for  sev¬ 
eral  years.  While  some  steps  can  be  taken  to 
reduce  fraud  and  prepare  for  it,  no  amount  of 
planning  will  eliminate  fraud  altogether.  “I 
don’t  think  we  know  as  an  industry  yet  where 
all  the  fraud  opportunities  can  or  will  mani¬ 
fest  themselves  until  we  get  further  into  it, 
until  we  see  it  on  a  larger  scale,”  Dolloff  says. 
“We  simply  don’t  know  how  we  are  going  to 
be  attacked.”  HEJ 


Washington  Bureau  Chief  Allan  Holmes  can  be 
reached  at  aholmes@cio.com. 


54 


FEBRUARY  1,  2005  |  www.cio.com 


Middleware  is  Ever 


are  registered  trademarks  or  trademarks  of  International  Business  Machines  Corpo 
I  rights  reserved 


WebSphere 

MIDDLEWARE  IS  IBM  SOFTWARE.  WebSphere  Portal, 
part  of  the  IBM  Workplace  Family,  connects  partners, 
employees,  and  customers  worldwide.  It’s  how  to  access 
multiple  applications  on  one  screen  and  on  virtually  any 
kind  of  device.  An  end-to-end  solution  that  helps  improve 
productivity  and  reduce  costs  as  it  enables  on  demand 
business.  It’s  an  accessory  that  you  just  can’t  live  without. 

1.  Sales  associate  checks  online  inventory. 

2.  Manager  uploads  revenue  goals. 

3.  Supervisor  gets  employee  overtime  info. 

4.  Cashier  IMs  downtown  store  location. 

5.  Everyone  accessing  info  via  one  portal. 

Middleware  for  the  on  demand  world.  Learn  more  at  ibm.com/middleware/portals  QJJ  DEMAND  BUSINESS' 

53* 


CIOs  grappling  with  an 
increasingly  complex 
marketplace  are  finding 
relief— and  better  relation¬ 
ships  with  vendors— by 
forming  VMOs  within  their 
organizations.  Here’s  how. 


Manage 
Vendors 


When  Carl  Ascenzo 


took 


BY  SUSANNAH  PATTON 


/ 

/ 

over  as  CIO  of  Blue  Cross 


Blue  Shield  (BCBS)  of  Massachusetts  four  years  ago,  the  health  insurance  company  out¬ 
sourced  most  of  its  data  center  operations,  help  desk  and  code  programming  to  a  single 
vendor:  EDS.  Today,  however,  EDS  is  only  one  of  four  large  technology  providers  working 
with  the  New  England  health  insurer. 

In  order  to  handle  the  increasingly  complicated  negotiations  with  his  growing  sta¬ 
ble  of  vendors,  Ascenzo  expanded  a  group  within  IT  known  as  the  vendor  management 
office  (VMO).  Although  a  rudimentary  VMO  existed  when  he  arrived  at  BCBS,  Ascenzo 
added  to  its  responsibilities,  building  a  group  that  oversees  RFPs,  works  with  legal  coun¬ 
sel  on  all  contracts  and  maintains  relationships  with  all  vendors.  Whereas  the  initial 
vendor  management  group  dealt  with  invoices  and  back-end  activity,  the  VMO  now  gets 
involved  at  the  start  of  negotiations  and  helps  IT  managers  make  informed  decisions  on 
which  vendor  can  offer  the  best  deal  and  the  best  service  for  a  particular  project.  BCBS’s 
VMO— led  by  a  manager  with  financial  and  IT  experience— also  makes  sure  the  ven¬ 
dors  know  about  each  other  in  order  to  foster  healthy  competition  among  them,  which 
ultimately  leads  to  better  products,  services  and  pricing  for  BCBS. 


Reader  ROI 

::  How  to  set  up  a  successful  vendor 
management  office 

::  What  a  VMO  does 

::  The  benefits  and  pitfalls  of  a  VMO 


56 


FEBRUARY  1,  2005  |  www.cio.com 


PHOTO  BY  CHRISTOPHER  NAVIN 


CARL  ASCENZO,  CIO  of  BLUE  CROSS 
BLUE  SHIELD  OF  MASSACHUSETTS, 
expanded  the  insurer’s  vendor  man¬ 
agement  office  to  unravel  the  maze  of 
complex  vendor  negotiations. 


Vendor  Management 


“When  we  moved  from  being  a  single- 
sourced  company  to  a  multivendor  model,  it 
became  clear  we  needed  an  expert  who 
knew  all  the  vendors,  was  out  in  the  mar¬ 
ketplace  all  the  time,  and  was  well-versed  in 
contracts  and  negotiations,”  Ascenzo  says. 
“The  result  is  that  the  prices  we  are  getting 
are  always  competitive,  and  the  quality  of 
the  work  has  improved.” 

BCBS’s  use  of  a  VMO  is  not  uncommon. 
Organizations  grappling  with  more  com¬ 


Sao  Paulo,  Brazil.  “The  dream  of  any  VMO 
[head]  is  to  offer  his  or  her  enterprise  exactly 
the  combination  of  resources  and  services 
that  are  needed,  and  to  pay  for  exactly  what 
you  are  using.  It’s  not  that  the  IBMs  and 
Hewlett-Packards  of  the  world  are  dishon¬ 
est;  they  just  don’t  know  your  company.” 

VMOs  started  to  appear  on  the  corpo¬ 
rate  IT  landscape  after  2000,  when  the 
economy  soured  and  CIOs  were  forced  to 
justify  IT  spending.  In  order  to  get  the  best 


JIM  LESTER,  AFLAC  CIO,  hired  a  VMO  manager  who 
knew  technology  as  well  as  finance  and  legal  issues. 


plex  IT  offerings  and  juggling  multiple  ven¬ 
dors  are  increasingly  forming  VMOs 
within  their  IT  departments.  They  are  look¬ 
ing  for  cost  savings  but  also  better  service 
and  more  control  over  the  technology  buy¬ 
ing  process.  With  a  quickly  changing  tech¬ 
nology  market  and  a  shift  toward  more 
outsourcing  and  multiple  vendors,  CIOs 
are  often  uncertain  whether  they  are  get¬ 
ting  the  best  deals  from  vendors. 

“The  market  today  has  become  very 
sophisticated,  especially  with  the  increase 
in  outsourcing,”  agrees  Cassio  Dreyfuss,  a 
Gartner  vice  president  of  research  based  in 


deals,  CIOs  subsequently  began  working 
with  a  greater  variety  of  vendors.  The 
increase  in  outsourcing  has  also  pushed 
more  CIOs  to  consider  centralizing  their  IT 
procurement.  After  2000,  some  companies 
began  to  form  “sourcing  offices”  that  over¬ 
saw  spending  on  IT  services.  And  large 
vendors— such  as  IBM  and  HP— started  to 
bundle  IT  services  with  hardware  and  soft¬ 
ware  to  meet  individual  companies’  needs. 
“This  means  that  buying  IT  now  requires  a 
deeper  knowledge  of  different  aspects  of 
technology,”  Dreyfuss  says. 

With  a  dedicated  VMO  within  the  IT 


department,  a  CIO  can  more  easily  manage 
relationships  with  multiple  vendors,  keep 
track  of  metrics  and  vendor  performance, 
and  negotiate  discounts  on  IT  services  and 
products.  While  a  project  manager  may 
know  best  what  technology  is  needed  for  a 
specific  project,  a  VMO  can  help  make  sure 
the  company  gets  the  most  competitive 
offers  from  vendors.  That’s  precisely  why 
having  a  VMO  within  your  organization  can 
be  a  good  idea.  And  it’s  also  why  we’ve  asked 
three  CIOs  with  experience  managing  a 
VMO  for  their  tips  and  advice. 


HOWTO 

STRUCTURE  A  VMO 

After  Jim  Lester  was  appointed  CIO  of 
Columbus,  Ga. -based  insurance  giant  Aflac 
in  2001,  he  set  out  to  change  the  way  the  com¬ 
pany  buys  hardware,  software  and  IT  serv¬ 
ices  by  creating  a  VMO.  He  had  been  on  the 
other  side  of  the  fence  in  his  previous  job  as  a 
software  vendor  and  wanted  to  create  a  sys¬ 
tem  in  which  Aflac  would  be  able  to  get  the 
best  technology  deals.  That  would  mean  treat¬ 
ing  vendors  with  respect,  but  also  making 
them  compete  amongst  themselves  to  provide 
discounts  when  possible. 

Lester’s  first  task  was  to  find  a  VMO 
manager  with  an  understanding  of  tech¬ 
nology  and  experience  in  finance  and  legal 
issues.  He  knew  that  someone  with  this  com¬ 
bination  of  skills  would  be  best  equipped  to 
handle  accounting  and  contract  issues.  After 
searching  for  several  months,  he  hired 
Stephen  Guth,  a  former  programming  ana¬ 
lyst  who  had  also  earned  a  law  degree  and 
worked  as  senior  manager  of  sales  opera¬ 
tions  support  for  Dell. 

Over  three  years,  Lester  and  Guth  have 
put  together  a  process  in  which  IT  man¬ 
agers  create  project  briefs  and  submit  some 
of  them  to  the  VMO,  which  in  turn  finds 
the  best  deals— in  terms  of  price,  quality, 
and  vendor  commitment  and  expertise— 
from  vendors  and  negotiates  IT  contracts 
for  Aflac.  The  project  brief  is  generally  a 
two-page  description  of  an  IT  project, 
drawn  up  by  the  project  sponsor,  that 
includes  a  full  explanation  of  the  technol¬ 
ogy  and  business  needs. 

Guth  and  his  group,  working  with  the 


58 


FEBRUARY  1,  2005  |  www.cio.com 


PHOTO  BY  STAN  KAADY 


project  sponsor,  then  start  looking  for  an 
appropriate  vendor,  basing  the  search  on 
their  own  research,  experience  and  vendor 
metrics.  Once  negotiations  start  with  a 
vendor,  after  a  complete  RFP  process,  Guth 
uses  his  own  standardized  contracts  rather 
than  relying  on  those  drawn  up  by  the  ven¬ 
dor.  “When  you  set  up  a  standardized  prac¬ 
tice  [for  vendor  selection]  with  people  who 
do  it  over  and  over  again,  you  are  going 
to  get  the  best  deals  for  your  company,” 
says  Lester. 

This  centralized  approach  has  formalized 
Aflac’s  relationships  with  vendors  that  in  the 
past  were  handled  on  an  ad  hoc  basis.  Before 
the  VMO,  vendors  met  with  a  wide  variety 
of  IT  managers  and  even  technology  users. 
Aflac’s  technology  projects  are  now  com¬ 
pletely  aligned  with  business  initiatives,  says 
Lester,  because  they  are  initiated  by  the  busi¬ 
ness,  not  by  technology  vendors. 

Aflac  treats  its  VMO  as  a  concrete  office 
with  a  dedicated  team.  But  a  VMO  can  also  be 
a  virtual  office,  experts  say,  made  up  of  indi¬ 
viduals  in  disparate  geographical  locations. 
Most  important,  though,  the  VMO  should 
remain  within  the  IT  department  if  CIOs 
want  to  maintain  control  over  technology 
procurement.  “The  CIO  has  traditionally 
been  focused  on  IT,”  Gartner’s  Dreyfuss  says. 
“But  we  are  telling  them  they  need  to  estab¬ 
lish  a  [business-level]  relationship  with  the 
CFO  and  business  leaders.  This  will  be  easier 
to  do  with  a  VMO  in  place.”  Dreyfuss  says 
that  in  rare  cases  companies  have  expanded 
the  VMO  to  include  all  types  of  procurement. 
But  he  says  this  type  of  arrangement  can  lead 
to  turf  wars. 

The  VMO  is  still  in  its  infancy,  however,  and 
there  are  no  Firm  statistics  that  show  how  many 
companies  have  one.  VMOs  are  especially 
appealing  to  large  companies  with  diverse  IT 
needs,  simply  because  they  are  handling  so 
many  vendor  relationships.  But  the  centralized 
office  isn’t  for  every  company.  In  industries 
where  competitiveness  is  not  based  on  IT- 
such  as  petrochemical  and  steel  or  paper  mill 
companies— a  VMO  may  not  be  necessary 
because  vendor  relationships  are  relatively 
static.  In  large  multinationals  with  offices 
around  the  globe,  a  single,  centralized  VMO 
may  be  difficult  to  implement.  And  small  com¬ 
panies,  which  simply  don’t  have  very  many 
vendor  relationships,  may  not  need  it. 


A  VMO’s  Duties 

SET  UP  formal  RFP  process  and 
oversee  all  RFPs 

■  MONITOR  vendor  performance 
using  Balanced  Scorecard  or 
other  method 

NEGOTIATE  contracts  with  vendors 

■  WORK  with  project  managers 
to  oversee  IT  budgeting 

DEVELOP  form  agreements 
and  contracts  in  order  to  avoid 
signing  contracts  always  drawn 
up  by  vendors 

■  LEARN  vendor  tactics  and  how  to 
use  them  to  company’s  advantage 

STAY  abreast  of  market  conditions 
and  pricing  trends 

■  CATEGORIZE  suppliers  into 
groups  such  as  “strategic”  and 
“commodity”;  a  strategic  supplier 
should  have  good  access  to  the  CIO 

-S.P. 


ONE  ADVANTAGE  OF 
A  VMO:  SAVE  MONEY 

CIOs  report  that  VMOs  have  saved  them 
money  in  hardware,  software  and  IT  serv¬ 
ices,  mainly  because  they  are  constantly 
comparing  prices  and  vendors.  “An  appli¬ 
cation  development  manager  may  go  into 
the  market  two  or  three  times  a  year,”  says 
BCBS’s  Ascenzo.  “But  those  in  a  VMO  are 
constantly  in  the  marketplace  and  there¬ 
fore  are  very  aware  of  market  changes.  The 
VMO  is  invaluable  when  it  conies  to  react¬ 
ing  to  market  changes,”  he  says. 

At  the  American  Red  Cross,  CTO  Dave 
Clarke  says  he  has  cut  ongoing  operating 
costs  by  more  than  20  percent  from  three 
years  ago  by  rebidding,  restructuring  or  not 
renewing  contracts  with  software  and  hard¬ 
ware  vendors  that  his  VMO  has  found  to  be 
performing  poorly.  Clarke  says  the  VMO  has 
helped  him  save  money  by  tracking  spend¬ 
ing,  which  helps  the  management  teams  find 
better  deals.  “The  VMO  is  a  major  element  of 
our  approach  to  financial  rigor,”  Clarke  says. 


The  collaboration  between  Guardian 
Life  Insurance’s  VMO  and  its  telecommu¬ 
nications  department  has  helped  the  com¬ 
pany  cut  telecom  costs  by  35  percent  by 
negotiating  a  new  contract,  says  Rick 
Omartian,  CFO  for  IT.  By  bringing  in  all  of 
the  major  telecom  players  in  an  RFP 
process,  the  company  found  that  it  could 
save  money  by  switching  from  MCI  World¬ 
Com,  which  had  been  chosen  several  years 
before  by  the  head  of  the  company’s  tele¬ 
communications  department,  to  Sprint  and 
Quest.  Before  Guardian  had  a  VMO,  con¬ 
tracts  were  often  negotiated  without  RFPs, 
which  meant  they  didn’t  always  get  the  low¬ 
est  price. 

Aflac  has  also  saved  money  through 
careful  negotiations  by  its  VMO.  Guth  says 
that  when  negotiating  with  a  supplier  on  a 
hardware  purchase,  he  can  leverage  vol¬ 
ume  discounts  by  adding  some  IT  services 
into  the  deal.  “Instead  of  using  two  compa¬ 
nies,  I’ll  use  one  and  get  a  big  discount,”  he 
says.  In  fact,  he  was  able  to  negotiate  such  a 
deal  with  IBM,  which  provides  both  desk¬ 
tops  and  services  to  Aflac. 

Guth  emphasizes  that  first  and  foremost, 
his  goal  with  the  VMO  is  to  “maximize 
Aflac’s  tech  investments  so  that  the  com¬ 
pany  pays  a  fair  and  reasonable  price  in 
return  for  superior  delivery.”  He  reminds 
CIOs  that  getting  the  lowest  price  is  some¬ 
times  less  important  than  assuring  a  ven¬ 
dor  performs  well  and  brings  in  senior  staff 
to  do  the  job.  “Some  customers  are  not 
savvy  and  try  to  get  a  supplier  down  on 
price  at  any  cost,”  he  says. 

CREATING  VENDOR 
COMPETITION 

Guth  also  notes  that  the  VMO  allows  Aflac 
to  minimize  risk  by  creating  its  own  pur¬ 
chase  agreements;  the  majority  of  its  deals 
have  contracts  drafted  by  Guth  rather  than 
by  vendors.  While  such  an  approach  isn’t 
restricted  to  a  VMO,  Guth’s  expertise  with 
legal  and  financial  issues  has  helped  him 
put  this  practice  in  place.  This  is  another 
good  reason  to  hire  the  right  person  to  head 
a  VMO. 

“When  I  got  here,  all  of  our  contracts  were 
on  supplier  paper,  whether  they  were  soft- 


www.cio.com  |  FEBRUARY  1,  2005 


59 


Vendor  Management 


ware  licenses  or  services,”  he  says.  “They 
were  all  slanted  to  the  supplier.  By  getting 
our  own  form  agreements,  we  help  reduce 
legal  risk  and  operation  risk.”  Microsoft,  for 
example,  has  negotiated  agreements  using 
Aflac’s  contracts,  he  adds,  giving  Aflac  pro¬ 
tection  against  possible  proprietary  rights 
infringement  and  any  other  contract-related 
risks.  Guth  speaks  with  pride  about  this 
accomplishment  but  admits  that  vendors 
haven’t  always  liked  working  from  Aflac’s 
contracts.  He  stresses  that  his  legal  back¬ 
ground  led  him  to  insist  that  Aflac  use  its 
own  contracts  wherever  possible  and  also 
notes  that  vendors  have  been  willing  to 
accept  the  unorthodox  arrangement  because 
Aflac  treats  vendors  fairly— not  always  driv¬ 
ing  for  the  rock-bottom  price. 


What’s  more,  vendors  working  with 
companies  that  have  VMOs  are  more  likely 
to  perform  competitively,  Ascenzo  says.  “We 
like  to  make  sure  our  vendors  know  about 
each  other  in  order  to  maintain  a  competi¬ 
tive  environment  and  drive  down  costs,” 
Ascenzo  says.  For  example,  EDS,  which 
does  middleware  integration  for  Blue  Cross 
Blue  Shield,  knows  that  BCBS  uses  other 
software  developers  to  work  on  its  Web 
browser  interface.  EDS  has  bid  on  that  work 
as  well. 

Joe  Fraser,  an  EDS  client  delivery  execu¬ 
tive  who  spends  most  of  his  waking  hours 
working  with  Ascenzo’s  VMO,  confirms 
that  thought.  “We  are  a  preferred  vendor 
right  now,  but  by  no  means  are  we  entitled 
to  all  of  the  IT  work  that  comes  down  the 


AT  THE  AMERICAN  RED  CROSS,  CTO  DAVE  CLARKE  says  the  VMO  tracks  spending  and 
provides  that  information  to  the  management  team,  which  in  turn  can  secure  better  deals. 


road,”  Fraser  says.  “Carl  [Ascenzo]  has  cre¬ 
ated  a  competitive  environment  among 
vendors.”  Despite  this  added  competition, 
Fraser  says  working  with  BCBS’s  VMO  has 
saved  time  because  he  now  deals  with  one 
VMO  director  instead  of  multiple  IT  man¬ 
agers.  But  he  admits  he  had  to  work  out 
some  kinks  in  the  beginning. 

Initially,  Fraser  spent  some  time  explain¬ 
ing  the  new  process  to  his  staff,  and  rework¬ 
ing  his  documents  and  templates  to  fit  BCBS’s 
standardized  approach.  He  has  also  worked 
closely  with  Tony  DeGregorio,  BCBS’s  VMO 
director,  to  make  sure  both  sides  were  com¬ 
municating  well.  Now,  for  example,  he  says, 
both  EDS  and  BCBS  are  better  able  to  pre¬ 
pare  a  2005  budget  analysis  because  they  can 
better  predict  costs  and  revenue. 

Tom  Iannotti,  manager  of  consulting  and 
integration  business  at  Hewlett-Packard, 
says  that  although  he  has  not  yet  seen  wide¬ 
spread  adoption  of  the  VMO-type  of  func¬ 
tion  among  his  clients,  he  has  noticed  a 
difference  in  how  companies  buy  IT  prod¬ 
ucts  and  services.  “There  is  a  general  ratch¬ 
eting  up  of  expectations  from  suppliers,” 
he  says.  “Companies  are  focused  on  getting 
more  return  for  their  investment.  They  are 
no  longer  naively  expecting  miracles.  They 
are  buying  IT  just  as  anyone  would  care¬ 
fully  buy  any  sort  of  investment.” 

BEWARE  OF 
THE  PITFALLS 

When  Clarke  set  out  to  create  a  centralized 
VMO  at  the  American  Red  Cross  two  years 
ago,  the  radical  change  in  how  the  organiza¬ 
tion  treated  its  technology  vendors  created 
some  internal  disquiet.  “There  was  some 
concern  and  confusion  from  the  line  man¬ 
agers  that  the  VMO  would  exercise  complete 
control,”  Clarke  says.  “That  was  not  the 
intention,  but  we  needed  to  clarify  the  VMO’s 
role.”  Line  managers,  says  Clarke,  said  they 
didn’t  want  to  be  shut  out  of  the  buying 
process,  and  were  relieved  to  learn  that  they 
were  still  responsible  for  procurement.  The 
vendor  management  office  tracks  spending 
and  provides  that  information  to  the  man¬ 
agement  team,  which  in  turn  can  secure 
better  deals. 

Clarke’s  VMO  serves  as  a  center  of  expert- 


60 


FEBRUARY  1,  2005  |  www.cio.com 


PHOTO  BY  RON  AIRA 


ise  for  IT’s  role  in  the  overall  contracting 
process,  analyzing  IT  spending  and  vendor 
performance.  But  it  is  a  sort  of  information 
clearinghouse  that  ultimately  defers  to  the 
organization’s  national  contracting  office 
when  negotiating  contracts. 

“We  view  the  VMO  as  a  bridge  between 
technology  and  business  requirements  and 
contracting  requirements,”  he  says.  Clarke 
stresses,  however,  that  they  did  not  want  to 
create  a  bottleneck  in  which  all  contracts 
must  be  signed  off  by  the  VMO.  At  Aflac, 
where  the  VMO  plays  more  of  a  leading  role, 
Guth  says,  some  IT  managers  and  technol¬ 
ogy  users  miss  negotiating  with  vendors. 
“Internal  customers  really  enjoy  negotiat¬ 
ing  with  suppliers,”  he  says.  “So  we  try  to 
bring  them  into  the  process.  We  at  the  VMO 
are  tightly  coupled  with  our  [technology] 
customers.” 

Clarke  and  Guth  stress  that  organiza¬ 
tions  setting  up  VMOs  need  to  be  sure  that 
managers  who  have  had  control  over  ven¬ 
dor  relations  in  the  past  understand  the 
change  and  that  IT  users  be  brought  into 
the  process  whenever  possible.  Wayne  Ben¬ 
nett,  a  partner  in  the  commercial  technol¬ 
ogy  area  of  Boston  law  firm  Bingham 
McCutchen,  cautions  that  VMOs  could 
cause  problems  if  they  leave  business  own¬ 
ers  out  of  the  IT  purchasing  process.  If 
those  who  need  the  technology  aren’t  part 
of  the  buying  process,  he  reasons,  they 
might  feel  left  out  and  less  motivated  to  suc¬ 
cessfully  implement  their  project;  they 
might  also  feel  as  if  they  didn’t  get  the 
technology  or  service  they  really  needed. 
“The  success  of  most  complex  IT  projects 
requires  the  intense  participation  of  not 
only  the  CIO  and  key  IT  personnel,  but  the 
business  owners  of  the  process  as  well,” 
Bennett  says. 

Once  a  VMO  is  firmly  in  place,  convinc¬ 
ing  vendors  to  work  with  the  office  can 
also  prove  to  be  a  challenge.  “If  vendors  are 
used  to  dealing  with  a  number  of  people, 
they  will  try  to  use  a  divide-and-conquer 
approach,”  says  BCBS’s  Ascenzo.  They  may 
also,  in  some  cases,  try  to  go  around  the 
VMO  altogether  in  order  to  make  a  sale  to 
the  person  who  they  think  holds  the  purse 
strings.  To  avoid  such  problems,  Ascenzo 
and  other  CIOs  with  VMOs  go  over  the 
process  carefully  with  vendors.  Ascenzo 


Six  Keys 
to  Success 


Smart  CIOs  haves 
up  their  VMOs  with 
thesetipsinmind 


13 


Use  your  own  contract  when¬ 
ever  possible  to  minimize 
risk.  If  that’s  not  possible,  mark 
up  the  vendor’s  contract  to  make 
sure  it’s  in  your  favor. 

6  Keep  vendors  competitive  by 
making  sure  they  know  about 
each  other. 

-S.P. 


Centralize  the  function  under 
IT  and  get  executive  support 
for  the  plan. 

2  Win  over  internal  customers. 

During  vendor  negotiations, 
those  in  the  VMO  should  include 
the  internal  customers  whenever 
possible.  If  they  see  the  benefit 
and  are  included,  they  will  be 
less  likely  to  try  to  circumvent  the 
VMO  or  aid  vendors  attempting 
to  do  the  same. 

Start  small.  Pick  some  areas 
to  apply  the  VMO  to  initially 
and  build  it  overtime. 

4  Appoint  a  VMO  director  with 
legal  or  financial  experience— 
or  both.  Experience  as  a  vendor 
helps  as  well. 


says  he  has  consistently  repeated  to  vendors 
that  DeGregorio  at  his  VMO  is  in  charge  of 
vendor  management.  “You  have  to  make 
sure  that  the  VMO  is  of  equal  power  to  the 
rest  of  the  direct  reports  to  the  CIO.  And  the 
vendors  have  to  know  this,”  Ascenzo  says.  “I 
continually  endorse  that  Tony  [DeGregorio] 
has  power  and  authority.” 

Aflac’s  Lester  adds  that  CIOs  need  to  be 
prepared  to  be  tough  with  vendors  who  don’t 
cooperate.  “We’ve  had  to  replace  some  ven¬ 
dors  who  did  not  want  to  work  with  the 
VMO  or  with  IT  in  general,”  Lester  says.  In 
one  instance,  he  says,  Aflac  saved  over  $2  mil¬ 
lion  by  rebidding  a  contract  held  by  a  vendor 
that  refused  to  work  with  the  VMO. 


VMOs  HERE  TO  STAY 

The  economic  downturn  over  the  past  sev¬ 
eral  years  has  given  a  clear  advantage  to  tech¬ 
nology  buyers  over  vendors,  thus  paving  the 
way  for  companies  to  get  tough  in  negotia¬ 
tions.  But  CIOs  interviewed  for  this  article 
say  their  VMOs  will  remain  in  place  regard¬ 
less  of  the  economic  climate.  “It  has  been  a 
great  time  to  be  a  buyer  of  IT  services,  but  I 
don’t  see  the  process  changing  at  Guardian,” 
says  Omartian.  The  shift  toward  multiple 
vendors  and  large  outsourcing  contracts 
means  that  CIOs  can  benefit  from  a  central¬ 
ized  VMO  “in  any  climate,”  he  adds.  With  a 
VMO,  they  are  likely  to  get  better  deals  and 
better  service  from  vendors— no  matter  who 
has  the  upper  hand. 

Some  CIOs  say  they  are  so  pleased  with 
the  new  arrangement  that  they  plan  on 
adding  responsibilities  to  their  VMOs.  At 
Aflac,  for  example,  Lester  predicts  that 
his  VMO  will  become  more  active  in  search¬ 
ing  for  technology  acquisitions.  The  VMO 
already  does  a  lot  of  behind-the-scenes  work, 
investigating  vendors  by  talking  to  venture 
capitalists,  and  analyzing  when  a  startup 
might  sell  or  have  an  IPO.  In  the  future,  the 
VMO,  in  addition  to  negotiating  deals  with 
vendors,  might  be  able  to  discover  promising 
technology  companies.  (Lester  speaks  with 
experience  on  this  topic;  Aflac  bought  his 
software  company  in  1999.) 

With  hundreds  of  vendors  trying  to  get  in 
touch  with  Aflac  daily,  Lester  says,  many 
would  never  get  through  without  the  VMO. 
“There  are  a  lot  of  small  vendors  who  call 
us,  and  they  might  have  great  ideas,”  Lester 
says.  “With  an  expanded  VMO,  we  will  be 
able  to  try  some  of  them  out.  We’re  ready  to 
take  it  to  the  next  level.”  HH 


Senior  Writer  Susannah  Patton  can  be  reached  at 
spatton@cio.com. 


Talk  to  Jim  Lester 


Wouldn't  it  be  nice  if  your  company  could  con¬ 
sistently  get  the  best  technology  deals?  You'd 
probably  make  your  vendors  compete  amongst 
themselves  to  provide  discounts.  Dreaming? 
That's  just  what  CIO  Jim  Lester  did  at  Aflac. 

To  ASK  THE  SOURCE  your  questions  about 
starting  a  vendor  management  office,  contact 
Lester  at  www.cio.com/ask. 

cio.com 


www.cio.com  |  FEBRUARY  1,  2005  61 


PHOTOGRAPHY  BY  KATHLEEN  DOOHER 


For  the  CIO  of  Partners  Healthcare,  fixing  recurrent  slowdowns  and  outages  to  the  electronic 

62  FEBRUARY  1,  2005  |  www.cio.com 


John  Glaser's 
Tips  for 
Leadership 
in  a  Crisis 

1.  Drop  everything  else 
and  focus  all  available 
resources  on  the 
problem.  A  crisis,  if 
left  unsolved,  can 
undermine  your  efforts 
on  every  other  front. 

2.  Bring  in  the  big 
boys  (service  providers 
such  as  IBM  or  Hewlett- 
Packard)  to  show  that 
you  are  taking  the  mat¬ 
ter  seriously.  Worst- 
case  scenario:  At  the 
very  least,  they  confirm 
what  the  problem  is. 

3.  Make  sure  that  the 
CEO,  other  executives 
and  your  end  users 
know  what  is  wrong  and 
what  you  are  doing 
about  it. 

4.  Resist  the  temptation 
to  assign  blame  and 
point  fingers.  Talk  about 
what  we  are  going  to  do 
instead  of  what  you  are 
going  to  do. 

5.  You  have  to  be  willing 
to  get  beat  up.  Whether 
inviting  angry  e-mails 
or  meeting  with  people 
who  you  know  will 

yell  at  you,  your  job  is 
to  absorb  the  anger. 


medical  records  system  was  a  major  test  of  leadership  By  Ben  Worthen 


www.cio.com  |  FEBRUARY  1,  2005 


63 


Crisis  Leadership 


All  systems  go  down  at  some  point. 

So  John  Glaser,  CIO  of  Partners  Healthcare,  wasn’t  particularly  worried 
when  the  electronic  medical  record  (EMR)  system  used  by  more  than 
6,000  doctors  and  nurses  affiliated  with  Partners  started  experiencing 
brief  outages  in  late  July.  After  all,  since  the  start  of 2004  the  EMR  system 
had  experienced  anywhere  from  two  to  six  short  disruptions  a  month- 
slowdowns  or  outages  lasting  from  a  couple  of  minutes  to  several  hours. 
Inconvenient,  yes,  but  not  the  end  of  the  world.  There  was  no  reason  to 
suggest  that  this  was  any  different. 


But  the  disruptions  got  worse— the  out¬ 
ages  occurring  with  greater  frequency.  The 
automated  alerts  Glaser  receives  when  his 
systems  are  strained  poured  in.  Doctors 
called  and  e-mailed  with  complaints.  Part¬ 
ners  administrators  let  him  know  that  a  lot 
of  people  were  irritated.  In  every  crisis  there 
is  a  point  at  which  the  notion  that  this  is  just 
a  bad  week  gives  way  to  the  recognition  that 
you  are  treading  on  thin  ice. 

By  early  August,  Glaser  says,  “we  real¬ 
ized  we  were  in  trouble.” 

Between  then  and  mid-September,  Part¬ 
ners’  EMR  system  slowed  or  shut  down  25 
times,  often  for  hours  at  a  time.  Each  dis¬ 
ruption  affected  every  doctor  on  the  system; 
they  could  not  gain  access  to  their  patients’ 
medical  records,  and  at  times  clinics  were 
forced  to  turn  patients  away  untreated.  The 
IS  department  faced  heat  on  all  sides— from 
the  doctors  whose  work  was  disrupted  and 
from  Partners’  administration  who  feared  a 
medical  mutiny  over  the  EMR  system. 

Dr.  Mark  Eisenberg,  a  doctor  at  Partners’ 
Charlestown  Healthcare  Center,  couldn’t 
access  his  patients’  medical  records  for 
45  minutes  during  one  of  these  slowdowns. 
“It  is  a  real  problem  if  we  have  no  record  to 
look  at  when  we  see  a  patient,”  Eisenberg 
says.  “There  are  real  concerns  about  care  if 
you  can’t  see  lab  results  or  what  medications 
someone  is  taking.” 

Partners  is  Boston’s  largest  hospital 
group.  The  organization  includes  two  of  the 
city’s  major  academic  hospitals— Massa¬ 
chusetts  General  (MGH)  and  Brigham  and 
Women’s— as  well  as  smaller  community 
hospitals,  clinics  and  even  individual  doc¬ 
tors’  offices.  The  two  hospitals  have  been 
among  the  earliest  adopters  of  medical  infor¬ 
mation  systems.  Some  of  their  doctors  have 
been  using  the  electronic  medical  records 


for  15  years,  and  the  overall  adoption  rate  is 
about  70  percent  within  Massachusetts 
General  and  Brigham  and  Women’s  hospi¬ 
tals.  The  rest  of  the  community  lags  far 
behind,  however.  Excluding  the  large  hos¬ 
pitals,  the  adoption  rate  for  the  rest  of  the 


tors— some  only  one  or  two— and  they  don’t 
always  see  the  financial  point  of  investing 
in  the  EMR  system.  Between  networking 
costs,  converting  paper  records  to  electronic 
records,  linking  or  replacing  existing  office 
systems  and  some  lost  productivity  while 
everyone  learns  how  to  use  it,  installing  the 
system  costs  somewhere  between  $5,000 
and  $10,000,  according  to  Glaser.  That’s  a  lot 
of  money  for  a  small  office,  and  while  EMRs 
will  eventually  boost  productivity,  even 
Glaser  admits  that  there  isn’t  an  ROI.  “In 
our  best  case  it  is  right  on  the  edge  of  break 
even,”  he  says.  “Our  hope  is  that  the  vision  is 
enough  to  push  it  over  the  edge.” 

But  every  time  something  goes  wrong 
with  the  system,  that  vision  of  the  future 
moves  farther  away  and  Glaser’s  job  gets 


"It  was  clear  that  there  was  no  way  we  were 
going  to  fix  this  in  one  week.  We  nad  to  prepare 
tor  a  series  of  lousy  weeks." 

-JOHN  GLASER,  CIO  OF  PARTNERS  HEALTHCARE 


Partners  network  is  only  10  percent.  One  of 
Partners’  top  goals  over  the  past  two  years 
has  been  to  bring  on  board  these  users,  a 
group  of  approximately  2,000,  who  are 
mostly  physicians  in  private  practices  affil¬ 
iated  with  one  or  more  of  the  hospitals  in 
the  Partners  system. 

EMR  systems  provide  many  benefits.  In 
addition  to  cutting  claims  and  billing  costs, 
they  improve  patient  care  by  significantly 
reducing  medication  or  lab  test  errors  that 
result  from  sloppy  physician  handwriting. 
Such  systems  also  check  for  drug  allergies 
and  adverse  interactions  with  existing  pre¬ 
scriptions,  and  they  can  advise  physicians  on 
what  test  or  procedure  is  most  appropriate. 

Even  so,  they’re  a  hard  sell.  Many  physi¬ 
cian  practices  have  only  a  handful  of  doc- 


harder.  The  CIO  is  the  first  to  acknowledge 
that  solving  the  mystery  behind  the  recur¬ 
ring  EMR  system  slowdowns  and  restoring 
the  faith  of  doctors  and  administrators  was 
a  major  test  of  leadership  for  him.  “If  [a  prob¬ 
lem]  goes  on  too  long,  it  erodes  the  trust  that 
your  community  has  in  you,”  Glaser  says. 

No  Quick  Fix 

By  the  first  week  of  August,  it  was  clear  to 
Glaser  that  something  was  wrong  with  the 
EMR  system.  On  Friday,  Aug.  6,  after  the  sys¬ 
tem  had  experienced  outages  and  slowdowns 
almost  every  day  for  two  weeks,  Glaser  real¬ 
ized  the  status  quo  was  no  longer  acceptable. 
He  assembled  two  key  groups  for  a  meet¬ 
ing— the  people  who  touch  each  of  the  orga¬ 
nization’s  systems  on  a  daily  basis  and  the 


64 


FEBRUARY  1,  2005  |  www.cio.com 


NEC  IP 

ANOTHER  DIMENSION  IN  IP  SOLUTIONS 


From  the  global  technology  leader  with  both  telephony  and  networking  know-how,  comes  a  multidimensional 
IP  solution.  Our  years  of  expertise  in  integrating  voice  and  data  enable  a  reliable,  flexible  pure  IP  architecture: 
UNIVERGE,  which  results  in  more  efficient,  competitive  solutions.  In  fact,  we’ve  already  successfully  installed 
IP  systems  in  top  companies,  including  a  world  leading  car  manufacturer.  NEC  IP.  From  pure  IP  to  seamless 
migration  of  current  systems  that  connect  to  the  future.  It’s  another  way  NEC  empowers  you  through  innovation. 

IT  SERVICES  AND  SOFTWARE  ENTERPRISE  NETWORKING  AND  COMPUTING  SEMICONDUCTORS  IMAGING  AND  DISPLAYS 


uutAfvu.nec.com/necip 

©NEC  Corporation  2004.  NEC  and  the  NEC  logo  are  registered  trademarks  of  NEC  Corporation 
Empowered  by  Innovation  is  a  trademark  of  NEC  Corporation. 


Empowered  by  Innovation 


Crisis  Leadership 


"You  don't  sugarcoat  anything.  If  you  screwed 
up,  you  need  to  be  able  to  say  so." 


-JOHN  GLASER,  CIO  OF  PARTNERS  HEALTHCARE 


IS  people  who  work  on  the  hospital  floors. 

“I  wanted  to  hear  from  a  technical  point  of 
view  everything  that  had  happened,”  Glaser 
recalls.  “I  also  asked  the  people  on  the  front 
lines,  What  does  it  look  like  for  the  doctors? 
How  disruptive  is  this?  I  needed  to  know 
what  it  feels  like  to  live  with  this.” 

What  Glaser  heard  wasn’t  reassuring. 
The  doctors  were  growing  restless.  The  out¬ 
ages  compromised  their  ability  to  treat 
patients.  And  there  wasn’t  a  quick  fix  loom¬ 
ing.  Glaser’s  IS  staff  identified  multiple  rea¬ 
sons  for  the  disruptions.  The  largest  single 
culprit:  A  server  that  supported  the  EMR 
system  kept  crashing.  Other  times,  it  seemed 
as  if  the  EMR  database  had  outstripped  its 
capacity.  Still  other  times,  an  unpatched 
memory  leak  in  Internet  Explorer  was  the 
cause  of  the  outages. 

“It  was  clear  that  there  was  no  way  we  were 
going  to  fix  this  in  one  week,”  Glaser  says.  “We 
had  to  prepare  for  a  series  of  lousy  weeks.” 

Glaser  quickly  came  up  with  a  game 
plan.  The  technical  people  would  continue 
trying  to  diagnose  and  fix  the  problem, 
focusing  solely  on  this  task.  Other  projects, 
such  as  compliance  with  the  Health  Insur¬ 
ance  Portability  and  Accountability  Act, 
would  be  put  on  hold.  Glaser  would  pro¬ 
vide  cover  if  anybody  asked  questions  about 
these  temporarily  neglected  tasks.  He  also 
brought  in  a  team  of  IBM  consultants  to 
help  diagnose  the  problem. 

In  addition,  all  new  EMR  system  deploy¬ 
ments  in  outpatient  physician  practices 
would  be  put  on  hold,  and  a  new  working 
group,  headed  by  Glaser’s  deputy  Mary  Fin¬ 
lay,  was  created  to  approve  all  application 


and  infrastructure  changes.  Glaser,  mean¬ 
while,  would  face  the  music. 

He  was  the  one  who  had  to  explain  to 
CEO  James  Mongan  and  the  rest  of  the  lead¬ 
ership  exactly  what  was  going  on  and  what 
was  being  done  about  it.  While  these  admin¬ 
istrators  made  it  clear  that  they  were  not 
happy,  they  didn’t  panic,  giving  the  CIO  time 
to  fix  the  problem.  Glaser  also  met  with  the 
physician  leadership  at  Partners’  hospitals 
and  explained  what  was  going  on.  “They 
don’t  want  to  know  what  you  are  doing  on  a 
day  to  day  basis,”  he  says.  “But  they  want  to 
know  that  you  are  taking  it  seriously.” 

On  Aug.  11,  Glaser  sent  out  an  e-mail  to 
the  entire  Partners  medical  community.  In  it 
he  acknowledged  the  recurrent  slowdowns 
and  said  that  fixing  the  underlying  problem 
was  his  top  priority.  He  tried  to  be  as  frank 
as  possible.  “You  don’t  sugarcoat  anything, 
even  if  it  means  that  you  have  to  look  at 
yourself  in  the  mirror  and  not  like  what  you 
see,”  he  says  in  hindsight.  “If  you  screwed 
up,  you  need  to  be  able  to  say  so.” 

Absorbing  the  Anger 

Glaser  knew  he  had  to  be  visible.  “In  situa¬ 
tions  like  this,  most  formal  communication 
has  to  come  from  me,”  he  says.  “I  have  to 
send  this  e-mail  out;  I  can’t  delegate  that.  I 
have  to  be  at  the  advisory  board  meeting.  I 
have  to  meet  with  the  leadership  at  MGH 
and  the  Brigham.” 

Sometimes  his  sole  job  at  a  meeting  was  to 
get  yelled  at  by  doctors.  “They  are  angry  and 
upset,  and  they  want  to  yell  at  someone,  and 
it  has  to  be  you,”  Glaser  says.  And  some  doc¬ 
tors  took  advantage,  swearing  at  him  to  his 


face,  and  accusing  him  of  hurting  their 
patients.  “You  have  to  roll  with  it,”  he  says. 
“You  have  to  resist  the  temptation  to  fight 
back.”  By  absorbing  the  anger  himself, 
Glaser  allowed  his  employees  to  solve  the 
problems  without  interruption. 

As  it  turned  out,  almost  all  of  the  disrup¬ 
tions  could  be  traced  to  the  same  root  cause. 
In  its  effort  to  expand  the  reach  of  the  EMR 
system,  Partners  had  neglected  to  upgrade 
its  operating  system,  and  the  old  system  just 
couldn’t  handle  the  load  it  was  forced  to 
bear.  The  IBM  consultants  confirmed  this. 
The  old  system  hadn’t  been  designed  to  sup¬ 
port  a  record  system  as  large  and  dispersed 
as  Partners’. 

Upgrading  the  system,  however,  would 
take  time,  primarily  because  the  vendor, 
Intersystems,  had  never  worked  with  an 
application  infrastructure  as  complex  as 
Partners’,  and  every  piece  of  the  new  sys¬ 
tem  would  have  to  be  tested.  In  the  mean¬ 
time,  Glaser’s  team  spent  September  making 
short-term  fixes,  such  as  adding  more 
servers.  By  October,  there  were  only  four 
incidents,  and  by  the  end  of  December,  the 
new  upgraded  system  was  in  place.  Glaser 
hopes  the  new  operating  system  will  keep 
the  EMR  database  up  99.9  percent  of  the 
time.  In  the  aftermath  of  the  crisis,  Glaser 
has  had  to  reassess  his  plans  to  extend  the 
EMR  capabilities  to  all  of  Partners’  affiliated 
doctors.  That  ambitious  project  will  have  to 
wait.  “If  you  continue  to  roll  out  the  imple¬ 
mentation,  you  just  look  reckless,  like  you 
are  so  bent  on  the  goal  that  you  are  ignoring 
reality,”  he  says. 

Instead,  Glaser  will  focus  on  reestablish¬ 
ing  his  department’s  track  record.  “If  you 
have  a  good  reputation  when  you  go  into  [a 
crisis],  people  believe  that  you  are  honest  and 
that  you  can  fix  it,”  he  says.  “Your  words  have 
an  aura  of  credibility.  But  if  a  problem  goes 
on  too  long,  history  becomes  irrelevant.” 

Glaser  won’t  know  for  months  the  extent 
to  which  the  prolonged  disruptions  have 
affected  the  credibility  of  his  IT  leadership. 
But  he  doesn’t  have  time  to  worry  about  the 
repercussions  now.  He’s  focused  on  keeping 
the  EMR  system  up  and  running  24/7,  because 
that,  after  all,  is  the  future  of  medicine,  ran 


Senior  Writer  Ben  Worthen  can  be  reached  at 
bworthen@cio.com. 


66 


FEBRUARY  1,  2005  |  www.cio.com 


Your  potential.  Our  passion.'" 

Microsoft 


We  have  3,000  PCs  based  everywhere  from 
Argentina  to  Vietnam,  and  now  our  team  can 
update  them  all  from  headquarters." 

Viktor  Portmann 

Project  Manager,  Department  of  Foreign  Affairs,  Switzerland 


- 


wr. 


NAME 

Mr.  500  Servers 
in  156  Countries 
Managed  from 
1  Location 


m m 


Department  of 
Foreign  Affairs, 
Switzerland 


Make  a  name  for  yourself  with  Windows  Server  System™  Microsoft  Windows  Server  System 
makes  it  easier  for  Switzerland's  Federal  Department  of  Foreign  Affairs  (DFA)  to  manage 
the  infrastructure  serving  their  embassies  and  consulates  in  156  countries.  Here's  how: 

By  using  Systems  Management  Server  2003  and  Microsoft®  Operations  Manager  2005, 
DFA  can  automatically  update  its  500  remote  servers  from  a  central  location,  saving  over 
$600,000  in  travel  expenses  alone  in  the  past  year.  They've  also  been  able  to  reduce  the  time 
and  cost  of  maintenance,  boost  user  productivity,  and  find  the  time  to  better  prepare  for 
expansion.  Software  that's  easier  to  manage  is  software  that  helps  you  do  more  with  less.  To 
get  the  full  DFA  story  or  to  find  a  Microsoft  Certified  Partner,  go  to  microsoft.com/wssystem 


Windows 
Server  System 


CIO  Leadership 
Conference: 

Developing  the  Right  Stuff 

May  9  &  10,  2005  •  The  Charles  Hotel  •  Cambridge,  MA 


A  major  concern  of  CIOs  across  business,  industry,  government  and  non-profit  organizations  centers 
on  developing  the  next  generation  of  IT  leadership.  As  outsourcing  IT  becomes  more  rampant,  where 
will  this  next  generation  come  from?  What  new  skills  will  they  need  to  be  effective  business  partners  as 
well  as  leaders  of  IT  organizations?  How  do  we  identify  the  best  candidates?  How  do  we  ensure  they 
have  the  right  training  and  mentoring? 


CIO  Magazine,  in  conjunction  with  the  CIO  Executive  Council,  addresses  this  pressing  issue  in  the  CIO 
Leadership  Conference:  Developing  the  Right  Stuff.  We'll  bring  together  CIOs  who  have  worked  to  ele¬ 
vate  the  CIO  position  within  the  enterprise,  who  continue  to  blaze  new  trails  and  meet  new  challenges, 
and  who  are  defining  what  it  will  take  to  be  the  CIO  of  the  future.  We'll  combine  them  with  today's  "up- 
and-comers"-  the  senior  IT  staff  that  will  take  up  those  challenges,  and  together  we'll  forge  a  set  of 
goals,  and  a  roadmap  to  achieve  them. 


F.  Warren  McFarlan, 

Harvard  Business  School's 
Baker  Foundation  Professor  & 
Albert  H.  Gordon  Professor 
of  Business  Administration  Emeritus, 
serves  as  conference  moderator. 


We'll  also  recognize  those  future  leaders-who 
have  been  identified  and  sponsored  by  the 
CIOs  of  today's  leading  organizations-with 

CIO  Magazine’s  2005 
Ones  To  Watch™  Award 

during  a  special  reception,  dinner 
and  awards  presentation. 


For  more  information  and  to  register,  visit 
www.cio.com/conferences 
or  call  800.366.0246. 


The  Resource 
for  Information 
Executives 


CIO  Leadership  Agenda  2005 


sox 


IDEAS  &  INSIGHTS  FROM  THE  CIO  EXECUTIVE  COUNCIL  ::  EDITED  BY  CHERYL  ASSELIN 


FROM  THE  FRONT  LINES 


Howto  Prepare  for 
Sox  Compliance 


MARC  WEST, 

CIO  at  H&R  Block, 
provides  a  checklist 
of  items  to  consider 
when  shoppingfora 
Sarbanes-Oxley  tool 

Vendor  Evaluation  Checklist 

□  GRILL  THE  VENDOR 

about  integration  with  ERP  and 
finance  systems.  Don’t  assume  a 
tool  will  capture  all  financial  data, 
like  those  in  spreadsheets  and  non¬ 
core  systems.  Regardless  of  what 
the  vendor  says,  integration  is  on 
your  plate. 

□  ASK  IF  THE  TOOL 

meets  CoBit/COSO  requirements. 
The  vendor  should  tell  you  whether 
an  audit  firm  will  accept  the  tool’s 
capability  to  measure  controls. 

□  DISREGARD  VENDOR 

claims  of  an  out-of-the-box  solu¬ 
tion.  You  will  need  to  configure  any 
tool  to  meet  your  unique  needs  and 
to  work  with  internally  developed  IT 
systems.  Never  underestimate  the 
amount  of  time  and  resources  that 
customization  will  consume. 


ON  CERTAIN  TERMS 


Larry  Brown  was  one  of  the  “lucky” 
CIOs  who  had  a  Dec.  31, 2004, 
Sarbanes-Oxley  (a.k.a.  Sox)  deadline. 
Thinking  back  on  the  long  road  to  the 
deadline,  the  vice  president  and  CIO  of 
Arch  Coal  shares  some  of  the  lessons 
he  learned  along  the  way. 

If  your  year-end  is  not  until  April 
2005,  he  strongly  suggests  asking  your 
already  audited  peers  for  additional 
advice.  He  also  advises  asking  your 
external  audit  firm  to  discuss  the 
major  risk  areas  it  focused  on  for  calen¬ 
dar-year-end  2004  audits.  Learning 
from  those  who  have  already  been 
there  will  help  prepare  you  for  the 
upcoming  deadline,  year  two  of  Sox 
and  beyond. 

Bring  in  business  sponsors. 

IT  projects  succeed  when  the 
business  side  supports  them.  The  same 
is  true  with  Sarbanes-Oxley  compli¬ 
ance.  "Business  units  and  department 
managers  must  understand  the  impor¬ 


tance  of  internal  controls  over  financial 
reporting,”  says  Brown.  “IT  can  help  in 
the  effort  by  having  systems  that  can 
institute  preventive  controls,  but  after 
the  fact,  the  responsibility  shifts  to  the 
process  and  control  owners.  The  initia¬ 
tive  cannot  have  the  appearance  of  an 
IT-driven  project,  or  the  external  audit 


LARRY  BROWN, 

VP  and  CIO  of  Arch 
Coal,  was  one  of  the 
first  CIOs  to  comply 
with  Sox  regulations. 


firm  may  question  the  competence  and 
objectivity  of  the  effort.”  The  external 
auditor  will  look  for  ownership  by  the 
internal  audit  function  or  a  department 
under  the  controller’s  responsibility, 
not  by  IT. 

Overestimate  your  costs 
from  the  beginning.  “As  we 

went  through  the  process  of  document¬ 
ing  controls  and  identifying  risks  and 
procedures  at  each  site,  we  uncovered 
control  deficiencies  in  the  process,” 
says  Brown.  “These  control  deficiencies 
had  to  be  remediated  and  then  retested, 
which  added  time  and  resources  that 
we  did  not  originally  include  in  the 

Continued  on  Page  70 


sig*nif*i*cant  de*fi*cien*cy 

A  significant  deficiency  is  a  control  deficiency  (or  a  combination  of 
internal  control  deficiencies]  that  adversely  affects  a  company's  ability 
to  initiate,  authorize,  record,  process  or  report  external  financial  data 
reliably  in  accordance  with  GAAP.  When  a  significant  deficiency  exists, 
there  is  a  more-than-remote  likelihood  that  a  more  than  inconsequential 
misstatement  of  the  company's  annual  or  interim  financial  statements 
will  not  be  prevented  or  detected. 

SOURCE:  Public  Company  Accounting  Oversight  Board 


www.cio.com  |  FEBRUARY  1,  2005 


69 


T H E  C I o  e xecuive  council 


forum  ::  SOX 


front  lines.  Continued  from  Page  69 

budget.”  To  avoid  requesting  additional 
resources  from  the  CFO,  Brown  recom¬ 
mends  building  in  a  higher  cost  esti¬ 
mate  for  compliance  from  the  outset. 
Put  the  best  people  on  the 
job.  Make  sure  the  internal 
audit  team  members  who  are  testing 
the  controls  are  qualified— that  is, 
highly  competent  and  objective— or 
your  external  audit  firm  may  reject  the 
results  and  add  more  of  their  own 
pricey  staff  to  do  the  audit,  warns 
Brown.  He  notes  that  $2  billion  coal 
mining  company  Arch  Coal  made  it  a 
point  to  use  qualified  individuals  to  do 


the  testing  the  first  time  around  and 
supplemented  the  internal  audit 
staff  with  qualified  external  contract 
auditors. 

Visualize  it.  As  Sox  compli¬ 
ance  preparations  began. 
Brown  used  visual  aids  to  describe 
process  flows  and  to  identify  where 
controls  were  embedded  throughout 
the  process.  His  auditors  found  these 
visual  tools  to  be  useful  as  part  of  the 
control  design  prior  to  examining 
detailed  documentation. 

After  the  audit,  it's  not 
business-as-usual.  “Once  the 


audits  are  over  and  all  the  remediation 
and  retesting  is  complete,  everyone 
will  want  to  get  back  to  their  day  jobs,” 
says  Brown.  But  Sox  isn’t  over  when 
the  last  auditor  has  left  the  building. 

He  strongly  recommends  developing 
plans  to  incorporate  a  risk  and  control 
mind-set  into  the  culture  of  your  com¬ 
pany  before  beginning  to  evangelize. 
“Continuously  engaging  the  business 
managers  and  process  owners  in  self- 
assessment  testing  will  keep  Sox  a  part 
of  their  job,”  says  Brown. 

-Carrie  Mathews,  member  services 
manager.  CIO  Executive  Council 


PEER  COUNSEL 


For  CIOs  not  directly  affected  by  Sox,  what 
impact  has  the  regulation  had  on  you  and 
your  organization? 


findings 

AFTER  CONSIDERABLE 

frustration,  CIOs  reported  a  decent 
degree  of  clarity  over  how  to  manage 
the  Sarbanes-Oxley  compliance 
effort,  according  to  an  October  2004 
CIO  Executive  Council  poll  of  162 
members. 


A«  our  university  oversight  boards  generally  comprise 
•  members  from  public  companies  and  auditors  that  have  a 
very  conservative  mind-set.  In  response,  the  bylaws  of  the  board 
have  been  revised  to  be  more  in  compliance  with  Sarbanes-Oxley. 

For  me  in  IT,  the  impact  has  been  a  shift  in  priorities,  resulting  in 
more  time  and  resources  spent  on  expanding  controls,  reporting  and 
oversight  across  the  organization  rather  than  in  developing  new 
services.  I  focus  more  of  my  attention  on  change  management,  asset 
tracking  and  structured  methodologies  for  IT  development  and  man¬ 
agement  across  the  organization,  not  just  within  the  central  IT  shop. 

-Dave  Swartz 


DAVE  SWARTZ, 

CIO,  The  George 
Washington  University 


BILLREGEHR, 

ClOand  senior  VPof 
IT,  Boys  and  Girls 
Clubs  of  America 


A«  while  nonprofits  are  not  affected  by  all  the  components 
*  of  Sox,  it  is  generally  accepted  that  we  are  subject  to  two  stipula¬ 
tions  of  the  law.  First,  we  are  required  to  have  "whistle-blower  protec¬ 
tion,”  and  second,  we  are  required  to  have  a  records  retention  policy  in 
place.  We  have  complied  with  both  of  those  regulations.  In  IT,  I  am  cur¬ 
rently  orchestrating  an  effort  to  ensure  that  we  destroy  records  that  are 
outside  of  the  records  retention  policy.  In  2005,  we  will  be  implementing 
a  document  management  system  to  assist  us  with  retention  of  electronic 
documents. 

As  to  the  sections  of  Sox  that  don’t  apply  to  nonprofits,  our  board  is 
being  very  careful  to  ensure  that  we  establish  the  governance  and  con¬ 
trols  that  are  set  up  by  the  act. 

-Bill  Regehr 


RESPONSIBILITY  WITHIN 
THE  ORGANIZATION 

70% 

reported  a  team  effort  among 
the  CFO,  CIO  and  staff 


MEETING  SARBANES- 
OXLEY  REQUIREMENTS 

73% 

understood  vhat 
Sox  requires. 

49% 

did  not  think  the  requirements 
are  fair  and  reasonable. 


COMMITMENT  TO 
SARBANES-OXLEY 

82% 

said  their  organizations 
are  making  a  100%  commitment  to 
fulfilling  all  the  requirements  of 
Sarbanes-Oxley. 

11% 

said  they  are  doing  the 
minimum  to  get  by. 


70 


FEBRUARY  1,  2005  1  www.cio.com 


ON  THE  HORIZON 

Year  Two  of  Sox 

At  the  recommendation  of  the  Executive  Council’s  Sox  task 
force,  David  Hartley,  director  at  Protiviti,  an  internal  audit  and 
technology- risk  consultancy,  spoke  recently  to  members  about 
what  to  anticipate  during  year  two  of  Sarbanes-Oxley. 

He  offers  three  key  pieces  of  advice: 


moving  forward  inyeartwo, 
companies  need  to  view  Sarbanes- 
Oxley  compliance  as  a  long-term,  on¬ 
going  process.  First-year  efforts  to  meet 
the  requirements  largely  were  project- 
focused,  and  documenting  the  internal 
control  environment  was,  much  of  the 
time,  done  manually.  To  effectively 
guide  the  IT  shop  in  yeartwo,  CIOs  must 
recognize  that  technology  is  a  key  com¬ 
ponent  of  any  organization’s  control 
structure. 

cios  should  chart  a  course  that 
begins  with  Sarbanes-Oxley  compli¬ 
ance  and  moves  to  IT  governance  and 
broader  compliance  management,  and 


eventually  toward  enterprise  risk 
management.  CIOs  should  understand 
their  role  in  executing  the  corporate 
strategy  regarding  controls  compliance 

in  year  two,  CIOs  should  continue 
to  emphasize  the  importance  of  IT 
process  maturity.  The  best  way  to 
ensure  compliance  is  through 
processes  that  are  well-controlled  and 
documented,  and  are  understood  and 
operated  consistently.  This  requires  an 
investment  in  tools,  infrastructure  and 
training.  CIOs  should  define  their  IT 
process  requirements  and  then  identify 
enablingtechnology  to  support  those 
requirements.  Establishing  an  IT  com¬ 


DAVID  HARTLEY,  director  at  Protiviti, 
says  companies  need  to  see  Sox  compliance 
as  an  ongoing  process. 


pliance  and  control  group  that  goes 
beyond  Sarbanes-Oxley  compliance  is 
one  way  to  ensure  that  controls  are  in 
place  and  auditable  going  forward. 


[ONE::LINER] 

“The  devil  is  no 
longer  just  in 
the  details  but 

now  lives  in 
the  policies  and 
processes  as  well, 


99 


SHERRY LALONDE, 

CIO  at  Cooley  Godward 
and  memberof  the  CIO 
Executive  Council’s  task 
force  on  Sarbanes-Oxley 


..  - 


m i 


COUNCIL  NEWS 

The  CIO  Executive  Council  is  a  professional  association  of  CIOs.  Its  founding  prin¬ 
ciples  grew  out  of  conversations  with  several  CIOs  interested  in  shaping  the  future 
of  our  industry.  These  discussions  yielded  two  simple  concepts:  Our  best  consult¬ 
ing  resource  is  often  a  peer  CIO,  and  a  coalition  of  CIOs  under  the  direct  leader¬ 
ship  of  its  members  is  a  unique  way  to  tackle  some  issues  that  are  core  to 
our  role  and  to  our  industry. 

Formed  in  April  2004,  the  council  counts  among  its  200  members  CIOs  from 
around  the  world  representing  every  sector  and  industry,  and  every  size.  We  are 
organized  around  task  forces,  each  with  a  distinct  mission.  The  IT  Staffing  Task 
Force,  for  example,  led  by  Jeri  Dunn,  CIO  of  Tyson  Foods,  and  Barbara  Kunkel, 

CIO  of  Nixon  Peabody,  will  work  with  academic  institutions  to  make  sure  they  are 
producing  business-oriented  IT  professionals.  The  IT  Value  Task  Force,  led  by  Kevin 
Humphries,  senior  vice  president  of  technology  services  at  FedEx;  Steven  John,  CIO 
of  Agriliance;  and  Steve  Brown,  CIO  of  Carlson,  is  building  a  framework  to  help  the 
corporate  executive  committees  understand  how  IT  affects  an  organization's  finan¬ 
cial  performance. 

In  these  pages  in  the  months  to  come,  we  will  highlight  the  work  of  these  and  other 
task  forces  and  share  some  of  the  peer-to-peer  insights  of  our  membership,  in  the 
hope  that  it  will  benefit  the  CIO  community  at  large. 


-Mark  Hall,  CIO,  CXO  Media 
and  General  Manager,  CIO  Executive  Council 


To  learn  more  about  the  CIO  Executive  Council,  visit  www.cioexecutivecouncil.com  or 
contact  Managing  Director  Martha  Heller  at  mheller@cio.com  or  508  988-6738. 


FROM  THE  PUBLISHER 


THE  RESOURCE  FOR  INFORMATION  EXECUTIVES 


president  and  ceo  Walter  Manmnen 
editorial  director  Lew  McCreary 
publisher  Gary  J.  Beach 


Bold  Is  Beautiful 

Forget  about  tactics.  If  you  want  to  be  the  most  effective 
CIO,  it’s  time  to  put  your  fears  aside  and  get  aggressive. 

It's  2005.  Welcome  to  the  second  half  of  the 
21st  century’s  first  decade. 

As  you  start  the  new  year,  ask  yourself  this: 

How  bold  are  your  2005  technology  plans?  Are 
they  strategic?  Or  are  they  tactical?  Will  they  trans¬ 
form  the  way  your  company  does  business?  Or, 
will  they  simply  support  your  company’s  existing 
ways  of  doing  business? 

Peter  Weill,  the  director  of  the  Center  for  Infor¬ 
mation  Systems  Research  at  the  MIT  Sloan  School 
of  Management,  has  done  work  on  IT  investments,  and  he  segments  IT  budgets 
into  four  components:  transactional  IT  aimed  at  lowering  costs;  informational  IT 
comprising  compliance,  business  analytics  and  so  on;  infrastructure  IT;  and 
strategic,  or  bold,  IT  projects. 

According  to  Weill,  only  about  13  percent  of  the  average  IT  budget  falls  into  the 
strategic  or  bold  category.  Why  is  this  so  low?  Fear  of  failing  is  the  culprit.  Weill’s 
data  reports  nearly  half  of  these  plans  for  bold  IT  fail  within  three  years.  And  the 
CIOs  who  architect  these  plans  are  often  swept  out  the  door  with  those  failures. 

How  does  your  budget  compare  to  Weill’s  numbers?  Will  you  be  allocating 
more  or  less  than  13  percent  of  your  budget  to  strategic,  bold  initiatives?  When  | 

meeting  with  other  executives  and  customers,  do  you  talk  the  bold  talk  but  then 
walk  the  tactical  walk  when  it  comes  down  to  implementing  your  plans?  2 

Allocating  13  percent  of  your  IT  budget  to  bold  initiatives  is  not  enough.  If  you 
truly  want  to  be  bold  in  2005  and  beyond,  the  surest  way  to  do  that  is  to  spend  2 

more,  not  less,  on  your  most  bold  and  business-transforming  initiatives.  2 


Gary  Beach,  Publisher 

gbeach(a)cio.com 


CXO  MEDIA 

CIRCULATION 

svp,  circulation  Carol  A.  Spach  circ.  dir.  Faith 
Marcello  subscription  svcs.  supervisor  Tina  Pescaro 

CIO  EXECUTIVE  COUNCIL 

GENERAL  MANAGER  Mark  Hall  MANAGING  DIRECTOR 

Martha  Heller  dir.,  external  relations  Karen  Fogerty 

dir.,  project  mgmt.  office  Amy  Field  dir.,  program 
development  David  Lien  consulting  editor  Richard 
Pastore  member  services  managers  Bill  Golden, 
Carrie  Mathews  program  managers  Mindy  Hogan. 
David  Parker.  Jennifer  Riley.  Steve  Rovmak,  Stacy  Sudan, 
Kristina  Sweet.  Greg  Szumowskl 
operations  specialist  Lisa  Byron 

EXECUTIVE  PROGRAMS 

svp,  executive  programs  Jennifer  Richards 
vp.  conference  mgmt.  Cynthia  Mollus  dir.,  marketing 
svcs.  Shellie  Rapson  James  dir.,  business  development 
John  Vulopas  dir.,  event  planning  Amy  Turell 
program  ops.  mgr.  Brian  Fuce  marketing  mgr.  Glede 
Kabongo  sr.  client  relations  specialist  Sandra  J. 
Hughey  sr.  logistics  coordinator  Michael  Barbato 
sr.  customer  services  coordinator  Sarah  Yee 

ONLINE  &  INFORMATION  SYSTEMS 

cio  Mark  Hall 

online  svp/gm.  online  Tim  Horgan 
e-commerce  mgr.  Andrew  Burrell 
online  production  specialist  Rupal  Patel 
online  producers  Todd  Borglund,  Shannon 
MacDonald,  Jennifer  McCarthy 
information  systems  dir.,  i.t.  DagmarEiben 
infrastructure  manager  James  C.  Burgoyne 
user  services  manager  Ron  Bettencourt 
senior  user  services  specialists  Jonathan  Frappier, 
Michael  Fahlsing  system  administrator  Robert  Reagan 
sr.  web  developers  Sean  McCracken,  Ellen  Morey 
assoc,  web  developer  Anthony  Servideo 

PRODUCTION 

vp,  manufacturing  Chris  Cuoco  production  manager 
Lee  Tuttle  sr.  production  coordinator  Lisa  Stevenson 
production  coordinator  Stephanie  Naughton 

MARKETING 

evp/cmo  Cathy  O'Leary  Hayes  vp.  news  &  information 

Susan  Watson  program  administrator  Lori  Piscatelli 
publicist  Rick  Sheehy  dir.,  marketing  research 
Bridget  Cammarata  marketing  research  managers 
Carolyn  Johnson,  Dylan  DiGregorio 

dir.,  marketing  comm.  Sue  Yanovitch 

SR.  MARKETING  COMM.  SPECIALISTS 

Susan  Maloney.  Kara  Murphy 

marketing  comm,  coordinator  Lynn  Holmlund 

ADMINISTRATION 

dir.,  finance  Margarita  Chiango  finance  &  operations 
analyst  Chris  Bernardi  executive  assistant  to  the 
president  Diane  Martin  billing  administrator 

Joyce  Gillis  facilities  specialist  John  Kelley 

office  services  coordinator  Mary  E.  Wooldridge 

HUMAN  RESOURCES 

vp.  human  resources  Patricia  Chisholm 
human  resources  manager  Tanya  Bureau 
sr.  hr  representative  Beth  S.  Ramistella 

CXO  MEDIA  INC. 

INTERNATIONAL  DATA  GROUP 

ceo  Pat  Kenealy 

board  chairman  Patrick  J.  McGovern 


72 


FEBRUARY  1 


2005  |  www.cio.com 


To  receive  your  FREE  Security  catalog  from  Black  Box, 
call  877-877-2269  and  mention  code  SE5. 

Your  computers,  your  networks,  and  your  premises  are  vulnerable.  Whether  the  danger  is  an  Internet  virus,  malicious 
fingers  on  an  unattended  keyboard,  or  a  common  thief,  you  need  to  guard  against  it. 

Black  Box  offers  password-protected  network  devices,  locking  cabinets,  secure  switches,  IP  cameras,  and  much  more! 
Plus  we  back  it  all  with  FREE  24/7/365  hotline  Tech  Support.  We  can  even  install  your  security  solutions  for  you. 


Operating  in  141  countries  around  the  world,  we're  your  One  Source  ’  for  data 
and  voice  products  and  services — backed  by  the  industry's  best  Tech  Support. 
We  design,  install,  and  maintain  wired,  wireless,  and  hybrid  networks. 


BLACKBOX 

NETWORK  SERVICES  724-746-5500  •  blackbox.com 


BLACK  BOX  and  the  Double  Diamond  logo  are  registered  trademarks  and  One  Source  is  a  trademark  of  BB  Technologies,  Inc.  Copyright  ©  2005  Black  Box  Corporation.  All  rights  reserved 


SALES  AND  SERVICES 


CIO  SALES  OFFICES 
President  and  CEO 

Walter  Manninen  •  508  935-4101 

Publisher 

Gary  J.  Beach  •  508  935-4202 

Executive  VP  Sales/Custom  Publishing 

Ellen  Romanow  •  508  935-4796 

EAST  COAST 

Senior  Vice  President, 

Sales  and  Integrated  Solutions/East 

Joan  Kelly  •  508  935-4586 

Regional  Sales  Director 

Kathy  Powers  •  201 634-2331 

Regional  Sales  Manager 

Ellie  Schwab -201 634-2332 

District  Sales  Manager 

Andrew  Haney  •  508  988-7863 
Fax  •  508  879-6063 

Account  Executive 

Joan  Bonadeo  •  201 634-2328 

Senior  Sales  Associate 

Rhonda  Goodman  •  201 634-2329 
Fax  •  201 634-9513 

NEW  ENGLAND 

Senior  Vice  President, 

Sales  and  Integrated  Solutions/East 

Joan  Kelly -508  935-4586 
Account  Executive 

Dawn  Cora  •  508  935-4092 
Fax  •  508  879-6063 


Account  Executive 

Brenda  Garza  •  512  306-9801 
Fax  •  512  306-9805 

NORTH  CENTRAL 

Senior  District  Sales  Manager 

Beth  DeVillez  •  847  759-2727 

Advertising  Sales  Associate 

Kim  Giovanni  •  847  759-2728 
Fax  •  847  759-2729 

WEST  COAST 

VP,  Sales  and  Integrated  Solutions/West 

Bob  Melk- 415-975-2685 

Senior  Regional  Sales  Managers 

Ai  Collins -415  975-2686 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 

Account  Executive 

Derek  Jung -415  975-2683 
Fax  •  415  543-2358 

Senior  Sales  Associate 

Sara  Mascall  •  415  978-3385 

SOUTHERN  CALIFORNIA 

Regional  Sales  Manager 

Kevin  Ebmeyer  •  415  975-2684 

LIST  SERVICES 

List  Services  Director 

Kathryn  A.W.  Marston  •  508  935-4072 

List  Services  Account  Executive 

Stephanie  Roy  •  508  935-4151 

ONLINE  SERVICES 

VP/Online  Sales 

Lisa  Brown  •  508  935-4470 

Online  Sales  Manager 

Michael  McPhee  •  508  935-4611 


CUSTOM  PUBLISHING 

Group  Director 

Michael  Siggins  •  508  988-6763 
Director  Mary  Gregory  •  508  988-6765 

Director  of  Content  Development  Tom  Field 
Senior  Project  Manager  Amy  Greenleaf 
Project  Manager  John  Danielowich 

REPRINT  SERVICES 

For  article  reprints  (500  quantity  or  more), 
please  contact  Jesse  Levy  at  PARS 
International  (212  221-9595  xl23)  or 
via  e-mail  at  jesse@parsintl.com. 

CIO  IS  PUBLISHED  IN  THE 
U.S.  AS  WELL  AS  IN: 

Australia,  CIO  Australia  www.idg.com.au 
Canada,  CIO  Canada  www.lti.on.ca/cio 
China,  CEO  &  CIO  China  www.ceocio.com.cn 
France,  CIO  France  www.idg.fr/cio 
Germany,  CIO  Germany  www.cio.de 
India,  CIO  India  91-80-521-0309/12 
Japan,  CIO  Japan  www.idg.co.jp 
The  Netherlands,  CIO  Netherlands  www.cio.ni 
New  Zealand,  CIO  New  Zealand  www.idg.co.nz 
Norway,  CIO  Business  Standard 
www.business-standard.no 
Poland,  CXO  Poland  www.cxo.pl 
Singapore,  CIO  ACEN/Hong-Kong 
www.idg.com.sg 

South  Korea,  CIO  Korea  www.cio.seoul.kr 
Sweden,  CIO  Sweden  www.cio.idg.se 


SOUTH  CENTRAL 

Regional  Director/Advertising  Sales 

Robert  E.  Sawdon  •  512  306-9801 


For  further  sales  information,  visit 

www2.cio.com/marketing/aboutcio/ 

contacts.cfm. 


INDEX  OF  COMPANIES  AND  ADVERTISERS 


Page  numbers  refer  to  the  first  page  of  the  article(s)  in  which  the  company  has  a  substantial  mention. 

This  index  is  provided  as  a  service  to  readers.  The  publisher  does  not  assume  any  liability  for  errors  or  omissions. 


COMPANY  INDEX 

41st  Parameter  Inc.,  The  . 48 

5 Wits  . 19 

Aflac  Inc . 56 

Agriliance  LLC . 69 

Alcoa  Inc . 38 

Allstate  Insurance  Co . 38 

American  Red  Cross,  The  . 56 

Bingham  McCutchen  LLP  . 56 

Blue  Cross  and  Blue  Shield 

Association  . 56 

Burger  King  Corp . 19 

Carlson  Companies  Inc . 69 

ComScore  Networks  Inc . 19 

Cooley  Godward  LLP . 69 

Craigs  list  . 19 

Cutter  Consortium . 38 

Dana  Corp . 19 

Dell  Inc . 56 

eBay  Inc . 19 

Electronic  Data  Systems  Inc.  ...  56 
Ernst  &  Young  L.L.P . 48 


FedEx  Corp . 69 

Florida  Power  &  Light  Co . 38 

Foote  Partners  LLC . 19 

Forrester  Research  Inc . 19 

Gartner  Inc . 56 

General  Electric  Co . 19 

Gillette  Co.,  The  . 19 

Guardian  Life  Insurance  Company 

of  America,  The . 56 

H.D.  Smith  Wholesale  Drug  Co. 

. 19 

Hannaford  Bros.  Co . 19 

Hewlett-Packard  Co . 38,  56 

Honeywell  Inc . 19 

Huntington  Bancshares  Inc.  ...  48 

I  Spot  Networks  LLC  . 19 

iJet  Travel  Risk  Management  ...  38 

KPMG  International . 48 

Little  Diversified  Architectural 

Consulting  . 38 

Meta  Group  Inc . 38 

Microsoft  Corp . 19 


Nixon  Peabody  LLP . 69 

Office  Depot  Inc . 19 

Partners  Healthcare  System  Inc. 

. 62 

PepsiCo  Inc . 19 

Pfizer  Inc . 19 

PricewaterhouseCoopers 

International  Ltd . 48 

Procter  &  Gamble  Co.,  The  ....  19 

Protiviti  Inc . 69 

Purdue  Pharma  L.P . 19 

Robert  Half  Technology  . 19 

Saks  Inc . 19 

Tyson  Foods  Inc . 69 

Unisys  Corp . 48 

Wachovia  Corp . 48 

Wal-Mart  Stores  Inc . 19 

ADVERTISER  INDEX 

Adobe  Systems  Inc . 2 

AptSoft  Corp . 26a 

Black  Box  Corp . 73 


Business  Objects  Inc . 8 

Cisco  Systems  Inc . 7 

Compuware  . 31 

CXO  Media  Inc .  27,  46,  68,  75 

Fujitsu  Computer  Systems  Corp.  . . 


Hitachi . 33 

IBM  Corp . 55 

Intel  Corp . C3 

InterSystems  Corp . 45 

Microsoft  Corp . 29,  67 

NEC . 65 

Nokia  . 11 

Oracle  Corp . 35 

Research  In  Motion  . 23 

Ricoh  Corp . 25 

SAP  . 17 

Sun  Microsystems  Inc . 4 

Sungard  Availability  Services  ...  18 

Symantec  Corp . 13 

Veritas . C4 

Xerox  Corp . C2, 14 


CIO  CONTACT 
INFORMATION 

Editorial,  Advertising  and  Business 
Offices:  CXO  Media  Inc.,  492  Old 
Connecticut  Path,  P.O.  Box  9208, 
Framingham,  MA  01701-9208, 

508  872-0080. 

CIO  (ISSN  0894-9301)  is  published 
semimonthly  and  as  a  combined 
issue  Dec.  15/Jan.  1  by  CXO  Media 
Inc.  Periodicals  postage  paid  at 
Framingham,  MA,  and  at  additional 
mailing  offices.  Canada  Publications 
Mail  Agreement  Number  1902075. 
CANADIAN  POSTMASTER:  Please 
return  undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2004  by 
CXO  Media  Inc.  Ail  rights  reserved. 
Reproduction  of  material  appearing 
in  CIO  is  forbidden  without  written 
permission.  Send  all  requests  to 
Permissions  Department,  CIO, 

492  Old  Connecticut  Path, 

P.O.  Box  9208,  Framingham,  MA 
01701-9208. 

Photocopy  Rights:  Permission  to 
photocopy  for  internal  or  personal 
use  orthe  internal  or  personal  use  of 
specific  clients  is  granted  by  CIO  for 
users  through  the  Copyright  Clear¬ 
ance  Center,  provided  that  the  base 
fee  of  $3  per  copy  of  the  article,  plus 
$.50  per  page  is  paid  directly  to 
Copyright  Clearance  Center,  27 
Congress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does  not 
extend  to  contributed  articles 
followed  by  this  symbol:  f. 

Subscriptions:  CIO  is  free  to 
qualified  information  executives.  To 
apply,  use  our  online  subscription 
form  at  www.subscribe.cio.com. 
Subscriptions  are  also  available  on  a 
paid  basis  at  a  rate  of  $95  for  the 
United  States  and  Canada,  $195 
International  (payable  in  U.S.  funds 
only)  and  may  be  ordered  online  at 
www.subscribe.cio.com/services.html. 
Or  address  inquiries  toCIO.  P.O. 

Box  489,  Northbrook.  IL  60065- 
0489:  866  354-1125.  Please  allow 
four  to  six  weeks  for  a  new  subscrip¬ 
tion  to  begin.  The  single  copy  price 
is  $9  for  the  United  States  and 
Canada,  and  $15  International. 
Prepayment  is  required,  payable  in 
U.S.  funds. 

Change  of  Address:  Please  go  to 
www.omeda.com/custsrv/cio  and 
follow  the  online  instructions. 

Postmaster:  Send  change  of 
address  to  CIO,  P.O.  Box  489, 
Northbrook,  IL  60065-9816.  Printed 
in  the  U.S. A. 


7  4 


FEBRUARY  1,  2005  |  www.cio.com 


CALL  FOR  ENTRIES 


18TB  annual  awards  competition 


For  too  long now,  the  name  of  the  game  has  been  survival.  Cut  your  budget. 
Slash  your  staff.  Do  more  with  less,  or  just  do  less.  Postpone  it,  reduce  it  or 
outsource  it.  Think  small. 


But  thinking  small  is  for  losers. 


We’re  looking  for  organizations  and  leaders  playing  to  win,  not  just 
survive,  despite  business  conditions  that  continue  to  be  difficult 
and  restrictive. 

Boldness  requires  the  vision  to  see  where  your  business  could  go, 
where  IT  could  lead  it  and  then  investing— money,  time,  people  and 
brainpower— to  make  that  happen.  It  means  finding  new  ways  for  tech¬ 
nology  to  make  the  enterprise  more  profitable.  It  means  going  after 
new  customers,  in  new  markets,  with  IT  helping  to  create  new  products 
and  systems  in  that  pursuit.  Bold  companies  lookfor  imaginative  ways 
to  organize  thei  r  resources,  their  staff  and  their  governance  to  enhance 
their  future  competitiveness. 


CIO  100  honorees  will  be 
honored  at  the  annual  CIO  100 
Symposium  &  Awards  Cere¬ 
mony  Aug.  21-23,  2005,  at  the 
Hotel  del  Coronado,  California. 
Honorees— and  their  bold 
ideas— will  also  be  featured  in 
the  Aug.  15,  2005,  issue  of  CIO. 

Learn  more  about  the  CIO  100 
and  get  an  application  on  our 
website.  Applications  available 
online  at  www.CIO.com/ciolOO, 


Presented  by 


Boldness  means  embracing  significant  risk  for  the  sake  of  great 
reward. 


If  you  can  show  measurable  results  of  how  IT  has  enabled  and  led  bold 
initiatives  in  your  organization,  then  our  readers— your  peers— want  to 
know  about  you. 


The  Resource  for 
Information  Executives 


Be  recognized  as  one  of  the  Bold  100. 

Apply  now  for  the  18th  Annual  CIO  100  Awards. 


02.01.05  EXECUTIVE 


summaries 


CIO  CHRIS  FRANCE  boosted  flexible 
IT  spending  at  Little  Diversified 
Architectural  Consulting  to  90%. 


36  |  COVER  STORY 
FLEX  TIME 

IT  executives  today  are  confronted 
by  a  paradox:  They  have  been 
charged  with  driving  costs  out 
of  operations  while  at  the  same  time 
they’re  being  asked  to  innovate.  The 
way  to  accomplish  both  is  to  alter  the 
ratio  between  the  fixed  and  flexible 
portions  of  their  IT  budgets,  favoring 
the  latter.  CIOs  in  many  industries  are 
lowering  their  fixed  costs  by  consoli¬ 
dating  vendors,  buying  out  long-term 
contracts  and  outsourcing.  The  risk  is 
that  the  CFO  will  take  the  newly  freed 
funds  from  IT,  viewing  them  as  dis¬ 
cretionary.  But  the  entire  enterprise 
benefits  when  CIOs  can  invest  in  tech¬ 
nologies  that  spur  growth  and  generate 
competitive  advantages.  While  there’s 
no  ideal,  universally  applicable  “flexi¬ 
ble  versus  fixed”  cost  ratio,  having 
between  70  percent  to  100  percent 
of  your  budget  fixed  is  considered  to 
be  toxic  to  innovation.  To  determine 
the  best  mix  for  you,  you  need  to  be 
able  to  forecast  market  demand  and 
benchmark  against  the  fixed  and  flex¬ 
ible  budget  models  of  others  in  your 
industry.  By  Susannah  Patton 

76  FEBRUARY  1,  2005  |  www.cio.com 


28  |  I.T.:  HALF-FULL? 

CIOs  WHO  ACHE  FOR  the  good  old  days  often  bemoan  that  outsourcing  and  packaged 
solutions  have  hollowed  out  IT.  This  view  of  IT  as  a  glass  half-empty  can  become  a  self- 
fulfilling  prophecy,  says  Susan  Cramm.  In  her  new  column,  Executive  Coach,  Cramm 
suggests  that  CIOs  should  stop  obsessing  about  outsourcing  and  focus  instead  on  differ¬ 
entiating  their  customer-facing  processes.  These  provide  the  key  to  the  competitive  advantage 
that  internal  IT  organizations  can  exercise  over  external  vendors.  Therefore,  ask  not,  “What 
can  my  business  do  for  IT?”  But  ask  instead,  “What  can  IT  do  for  my  business?” 

48  |  AN  INVITATION  TO  STEAL 

MANY  PEOPLE  ASSUME  that  automating  operations  will— along  with  saving  money— 
reduce  opportunities  for  fraud.  But  in  some  cases,  automation  actually  makes  fraud  easier 
to  perpetrate.  For  example,  Check  21,  a  federal  law  that  allows  for  the  processing  and  creation 
of  digital  check  images  and  substitute  checks,  is  expected  to  save  the  banking  industry 
billions.  But,  because  Check  21  automation  makes  digital  images  of  checks  available  to 
online  customers,  criminals  can  more  easily  gain  access  to  the  information  they  need  to 
create  counterfeits.  CIOs  can  minimize  potential  losses  by  developing  antifraud  strategies 
in  the  initial  design  phase  of  an  automation  project,  and  they  can  make  combating  fraud 
a  priority.  To  do  this,  CIOs  will  have  to  reach  out  to  the  executive  in  charge  of  fraud  detection, 
typically  the  CFO.  It’s  up  to  CIOs  to  lead  the  effort  to  make  antifraud  strategy  one  of  the 
drivers  in  automating  operations.  By  Allan  Holmes 

56  |  A  NEW  WAY  TO  MANAGE  VENDORS 

ORGANIZATIONS  GRAPPLING  with  more  complex  IT  offerings  and  juggling  multiple 
vendors  are  increasingly  forming  vendor  management  offices  (VMOs)  within  their  IT 
departments.  They’re  looking  for  cost  savings,  but  also  better  service  and  more  control 
over  the  technology  buying  process.  With  a  VMO,  a  CIO  can  more  easily  manage  relation¬ 
ships  with  multiple  vendors,  keep  track  of  performance,  and  negotiate  discounts  on  IT 
products  and  services.  CIOs  with  VMOs  report  significant  savings  on  software,  hard¬ 
ware  and  telecom  services.  VMO  managers  should  be  experienced  in  IT  as  well  as  finance 
and  legal  issues.  The  VMO  can  be  an  actual  office  or  a  virtual  team,  but  it  should  be  cen¬ 
tralized  and  located  within  the  IT  department.  The  group  should  be  endowed  with  strong 
authority,  the  better  to  convince  vendors  to  play  ball.  But  CIOs  should  be  careful  to  not 
exclude  project  managers  from  the  procurement  process.  Otherwise,  they  may  resent  the 
VMO,  and  this  could  cause  problems  for  IT  implementations.  By  Susannah  Patton 

62  |  GLASER  FACES  THE  MUSIC 

BETWEEN  EARLY  AUGUST  and  mid-September  2004,  Partners  Healthcare’s  electronic 
medical  records  (EMR)  system  either  went  down  completely  or  became  difficult  to  access 
25  times,  denying  doctors  their  patients’  histories.  Partners  CIO  John  Glaser  confronted  a 
potential  medical  mutiny.  Recognizing  both  the  business  and  the  emotional  significance  of 
the  failures,  Glaser  put  other  projects— including  all  new  EMR  system  deployments— on 
hold  and  had  the  technology  team  focus  solely  on  the  problem.  Meanwhile,  Glaser  made 
himself  the  single  point  of  contact  for  anyone  approaching  IT,  explaining  to  his  CEO,  the 
administrators  and  the  physicians  exactly  was  going  on  and  exactly  what  was  being  done 
about  it.  Once  the  problem  is  resolved,  Glaser  will  turn  his  attention  to  reestablishing  his 
department’s  credibility  and  resuming  the  EMR  system  rollouts.  By  Ben  Worthen 


PHOTO  BY  ROGER  BALL 


The  server  platform  of  choice 

just  got  better. 


Introducing  the  Intel®  Xeon“  processor  with 
support  for  32-  and  64-bit  applications. 

It  means  the  most  widely  used  server  platform 
in  the  world  can  now  work  even  harder. 

And  new  platform  technologies  enable  increased  power  savings, 
flexibility  and  performance.  For  more 

information  —  and  more  choice  — visit  intel.com/business. 


Improved 

power-saving 

options 


Flexible  memory, 
I/O  and  storage 
configurations 


Support  for 
32-  and  64-bit 
applications 


® 


©2005  Intel  Corporation.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  All  rights  reserved 


From  desktop  to  datacenter,  Utility  Computing  ensures  all  your  critical  data  is  available.  That’s  why  99%  of 
the  FORTUNE  500®  rely  on  VERITAS.  The  world  leader  in  data  recovery.  Software  for  Utility  Computing,  veritas.com 


VERITAS 


©  2004  VERITAS  Software  Corporation.  All  rights  reserved.  VERITAS  and  the  VERITAS  Logo  are  trademarks  or  registered  trademarks  of  VERITAS  Software 
Corporation  or  its  affiliates  in  the  U.S.  and  other  countries.  Other  names  may  he  trademarks  of  their  respective  owners. 


